This topic describes how to manage database accounts for a cluster. For example, you can reset permissions of the privileged account, modify permissions of standard accounts, change a password, and delete accounts.
Background information
PolarDB for MySQL supports two types of accounts: privileged account and standard account. You can manage all accounts and databases in the PolarDB for MySQL console.
Precautions
To ensure data security, you cannot create and use a root account in PolarDB for MySQL.
If you execute the UPDATE or INSERT statement to modify permission tables in a MySQL database to change the password or permissions of an account, data cannot be synchronized to read-only nodes. We recommend that you use the following methods to change the password or permissions:
Use the PolarDB for MySQL console to change the password or permissions. For more information, see Change the password of an account.
Use the command-line interface (CLI) to change the password or permissions as a privileged user. For more information, see Run commands to change the password or permissions of an account.
Create a database account
For more information, see Create a database account.
Change the password of an account
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
In the left-side navigation pane, choose .
Find the target account and click Change Password in the Actions column.
In the dialog box that appears, enter and confirm the new password, and click OK.
Reset permissions of the privileged account
If an issue occurs on the privileged account, for example, permissions are unexpectedly revoked, you can enter the password of the privileged account to reset permissions.
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
In the left-side navigation pane, choose .
Find the target account and click Reset Permissions in the Actions column.
In the dialog box that appears, click OK .
Modify the permissions of a standard account
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
In the left-side navigation pane, choose .
Find the target account and click Modify Permissions in the Actions column.
In the dialog box that appears, modify permissions of authorized databases and unauthorized databases, and click OK.
Delete an account
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
In the left-side navigation pane, choose .
Find the target account and click Delete in the Actions column.
In the dialog box that appears, click OK.
Run commands to change the password or permissions of an account
You can log on to the cluster with the privileged account and run the following command to change the password of an account:
PolarDB for MySQL 8.0:
ALTER USER {username} IDENTIFIED BY '{password}'
Parameter
Description
username
The account for which you want to change the password.
password
The password of the account.
PolarDB for MySQL 5.6 or 5.7:
SET PASSWORD FOR 'username'@'host' = PASSWORD('password')
Parameter
Description
username
The account for which you want to change the password.
host
The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
password
The password of the account.
You can log on to the cluster with the privileged account and run the following command to change permissions of an account:
GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
Parameter
Description
privileges
The operations that are granted to the account, such as SELECT, INSERT, and UPDATE. If you set this parameter to ALL, you can manage all databases.
databasename
The name of the database. If you set this parameter to an asterisk (*), the account can be used to manage all databases.
tablename
The name of a table. If you set this parameter to an asterisk (*), the account can be used to manage all tables.
username
The account to be authorized.
host
The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
WITH GRANT OPTION
Grants the GRANT command permissions to the account. This parameter is optional.
Related operations
API | Description |
Creates an account for a specified cluster. | |
Queries the accounts of a specified cluster. | |
Modifies the description of an account for a specified cluster. | |
Changes the password of an account for a specified cluster. | |
Grants access permissions on one or more databases in a specified cluster to an account. | |
Revokes access permissions on one or more databases from an account for a specified cluster. | |
Resets permissions of an account. | |
Deletes an account. |