This topic describes how to create accounts and databases for an RDS for MySQL instance.
Account types
For information about how to create accounts and databases for other DB engines, see the following resources:
- Create databases and accounts for an RDS for SQL Server 2017 instance
- Create databases and accounts for an RDS for SQL Server 2012 or 2016 instance
- Create databases and accounts for an RDS for SQL Server 2008 R2 instance
- Create databases and accounts for an PostgreSQL instance
- Create databases and accounts for an RDS for PPAS instance
- Create accounts and databases for an RDS for MariaDB instance
| Account type | Description |
|---|---|
| Premier account |
|
| Standard account |
|
| Account Type | Number of databases | Number of tables | Number of users |
|---|---|---|---|
| Premier account | Unlimited | < 200,000 | Varies depending on the instance kernel parameters. |
| Standard account | 500 | < 200,000 | Varies depending on the instance kernel parameters. |
Differences between the premier account permissions and SUPER permissions
Premier account permissions
- Can manage all databases and standard accounts. Supported database permissions according to account type lists the permissions of the premier account.
- Can terminate the connections established by other accounts.
- Running the
show processlistcommand shows only the processes of the current account, excluding processes on the control level.
SUPER permissions
To prevent potential incorrect operations, RDS for MySQL does not provide the SUPER permissions.- Can terminate any connections.
- Running the
show processlistcommand shows all processes, including processes on the control level. - Can use the
SETstatement to modify any global variables. - Can use the CHANGE MASTER and PURGE MASTER LOGS commands.
- Can perform operations on files stored on the host.
Create the premier account
- Log on to the RDS console.
- Select the target region.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Accounts.
- Click Create Account.
- Set the following parameters.
Parameter Description Database Account The account name must be 2 to 16 characters in length and can contain lowercase letters, numbers, and underscores (_). It must start with a letter and end with a letter or number. Account Type Select Premier Account. Password The account password must be 8 to 32 characters in length and contain at least three of the following types of characters: uppercase letters, lowercase letters, numbers, and special characters. The allowed special characters are as follows:
! @ # $ % ^ & * ( ) _ + - =
Re-enter Password Enter the password again. Note Optional. Enter details about the premier account to better identify it. You can enter up to 256 characters. - Click OK.
Reset the permissions of the premier account
If the premier account is abnormal (for example, the account permissions are unexpectedly revoked), you can reset the permissions. To do so, follow these steps:
- Log on to the RDS console.
- Select the target region.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Accounts.
- Find the premier account and in the Actions column click Reset Permissions.
- Enter the password of the premier account and click OK.
Create a standard account
- Log on to the RDS console.
- Select the target region.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Accounts.
- Click Create Account.
- Set the following parameters.
Parameter Description Database Account The account name must be 2 to 16 characters in length and can contain lowercase letters, numbers, and underscores (_). It must start with a letter and end with a letter or number. Account Type Select Standard Account. Authorized Databases Grant permissions on one or more databases to the account. This parameter is optional. You can also grant permissions to the account after the account is created. - Select one or more databases from the left area and click Authorize > to add the selected databases to the right area.
- In the right area, click Read/Write, Read-only, DDL Only, or DML Only.
If you want to grant the permissions for multiple databases in batches, select all the databases and in the upper-right corner click the button such as Full Control Read/Write.
Note The button in the upper-right corner changes as you click. For example, after you click Full Control Read/Write, the permission changes to Full Control Read-only.
Password The account password must be 8 to 32 characters in length can contain at least three of the following types of characters: uppercase letters, lowercase letters, numbers, and special characters. The allowed special characters are as follows:
! @ # $ % ^ & * ( ) _ + - =
Re-enter Password Enter the password again. Note Optional. Enter details about the standard account to better identify it. You can enter up to 256 characters. - Click OK.
Create a database
- Log on to the RDS console.
- Select the target region.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Databases.
- Click Create Database.
- Set the following parameters.
Parameters Description Database Name The account name must be 2 to 16 characters in length and can contain lowercase letters, numbers, underscores (_), and hyphens (-). It must start with a letter and end with a letter or number. Supported Character Set Select utf8, gbk, latin1, or utf8mb4. If you need another character set, select all and then select the character set from the list.
Authorized Account Select the account that needs to access this database. You can also leave this parameter blank and set the authorized account after the database is created. Note Only standard accounts are displayed, because the premier account has all permissions for all databases.Account Type Select Read/Write, Read-only, DDL only, or DML only. Description Optional. Enter details about the database to better identify it. You can enter up to 256 characters. - Click OK.
Supported database permissions according to account type
| Account type | Permission type | Permission | ||||
|---|---|---|---|---|---|---|
| Premier account | N/A | SELECT | INSERT | UPDATE | DELETE | CREATE |
| DROP | RELOAD | PROCESS | REFERENCES | INDEX | ||
| ALTER | CREATE TEMPORARY TABLES | LOCK TABLES | EXECUTE | REPLICATION SLAVE | ||
| REPLICATION CLIENT | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ALTER ROUTINE | ||
| CREATE USER | EVENT | TRIGGER | N/A | N/A | ||
| Standard account | Read-only | SELECT | LOCK TABLES | SHOW VIEW | PROCESS | REPLICATION SLAVE |
| REPLICATION CLIENT | N/A | N/A | N/A | N/A | ||
| Read/write | SELECT | INSERT | UPDATE | DELETE | CREATE | |
| DROP | REFERENCES | INDEX | ALTER | CREATE TEMPORARY TABLES | ||
| LOCK TABLES | EXECUTE | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ||
| ALTER ROUTINE | EVENT | TRIGGER | PROCESS | REPLICATION SLAVE | ||
| REPLICATION CLIENT | N/A | N/A | N/A | N/A | ||
| DDL only | CREATE | DROP | INDEX | ALTER | CREATE TEMPORARY TABLES | |
| LOCK TABLES | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ALTER ROUTINE | ||
| PROCESS | REPLICATION SLAVE | REPLICATION CLIENT | N/A | N/A | ||
| DML only | SELECT | INSERT | UPDATE | DELETE | CREATE TEMPORARY TABLES | |
| LOCK TABLES | EXECUTE | SHOW VIEW | EVENT | TRIGGER | ||
| PROCESS | REPLICATION SLAVE | REPLICATION CLIENT | N/A | N/A | ||
FAQ
Can I use an account that I create to operate read-only instance?
An account created in your master RDS instance is synchronized to the read-only instances attached to the master instance. However, you cannot manage the account in the read-only instances. The account only has the read permissions for the read-only instances.
APIs
| API | Description |
|---|---|
| CreateAccount | Used to create an account for an RDS instance. |
| CreateDatabase | Used to create a database for an RDS instance. |