This topic describes how to manage database accounts for a cluster. For example, you can reset permissions of the privileged account, modify permissions of standard accounts, change a password, and delete accounts.

Background information

PolarDB for MySQL supports two types of accounts: privileged account and standard account. You can manage all accounts and databases in the Apsara PolarDB console.

Precautions

  • To ensure data security, you cannot create and use a root account in PolarDB.
  • If you execute the UPDATE or INSERT statement to modify permission tables in a MySQL database to change the password or permissions of an account, data cannot be synchronized to read-only nodes. We recommend that you use the following methods to change the password or permissions:

Create a database account

For more information, see Create database accounts.

Change the password of an account

  1. Log on to the PolarDB console.
  2. On the top of the page, select the region where the target cluster is located.
  3. Find the target cluster and click the cluster ID to go to the Overview page.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. Find the target account and click Change Password in the Actions column.
    change
  6. In the dialog box that appears, enter and confirm the new password, and click OK.

Reset permissions of the privileged account

If an issue occurs on the privileged account, for example, permissions are unexpectedly revoked, you can enter the password of the privileged account to reset permissions.

  1. Log on to the PolarDB console.
  2. On the top of the page, select the region where the target cluster is located.
  3. Find the target cluster and click the cluster ID to go to the Overview page.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. Find the target account and click Reset Permissions in the Actions column.
    reset
  6. In the dialog box that appears, enter the password of the privileged account and click OK .

Modify the permissions of a standard account

  1. Log on to the PolarDB console.
  2. On the top of the page, select the region where the target cluster is located.
  3. Find the target cluster and click the cluster ID to go to the Overview page.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. Find the target account and click Modify Permissions in the Actions column.
    modify
  6. In the dialog box that appears, modify permissions of authorized databases and unauthorized databases, and click OK.

Delete an account

  1. Log on to the PolarDB console.
  2. On the top of the page, select the region where the target cluster is located.
  3. Find the target cluster and click the cluster ID to go to the Overview page.
  4. In the left-side navigation pane, choose Settings and Management > Accounts.
  5. Find the target account and click Delete in the Actions column.
    delete
  6. In the dialog box that appears, click OK.

Run commands to change the password or permissions of an account

  • You can log on to the cluster with the privileged account and run the following command to change the password of an account:
    • PolarDB for MySQL 8.0:
      ALTER USER {{username}} IDENTIFIED BY '{{password}}'
      Parameter Description
      username The account for which you want to change the password.
      password The password of the account.
    • PolarDB for MySQL 5.6 or 5.7:
      SET PASSWORD FOR 'username'@'host' = PASSWORD('password')
      Parameter Description
      username The account for which you want to change the password.
      host The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
      password The password of the account.
  • You can log on to the cluster with the privileged account and run the following command to change permissions of an account:
    GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
    Parameter Description
    privileges The operations that are granted to the account, such as SELECT, INSERT, and UPDATE. If you set this parameter to ALL, you can manage all databases.
    databasename The name of the database. If you set this parameter to an asterisk (*), the account can be used to manage all databases.
    tablename The name of a table. If you set this parameter to an asterisk (*), the account can be used to manage all tables.
    username The account to be authorized.
    host The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
    WITH GRANT OPTION Grants the GRANT command permissions to the account. This parameter is optional.

Related operations

API Description
CreateAccount Creates an account for a specified cluster.
DescribeAccounts Queries the accounts of a specified cluster.
ModifyAccountDescription Modifies the description of an account for a specified cluster.
ModifyAccountPassword Changes the password of an account for a specified cluster.
GrantAccountPrivilege Grants access permissions on one or more databases in a specified cluster to an account.
RevokeAccountPrivilege Revokes access permissions on one or more databases from an account for a specified cluster.
ResetAccount Resets permissions of an account.
DeleteAccount Deletes an account.