This topic describes how to create accounts and databases for an ApsaraDB RDS for MySQL instance.
For more information about how to create accounts and databases for RDS instances that run other database engines, see the following topics:
- Create accounts and databases for an ApsaraDB for RDS instance running SQL Server 2012, 2016, 2017 SE, or 2019
- Create accounts and databases for an ApsaraDB for RDS instance running SQL Server 2008 R2
- Create accounts and databases for an ApsaraDB RDS for PostgreSQL instance
- Create accounts and databases for an ApsaraDB RDS for PPAS instance
- Create accounts and databases for an ApsaraDB RDS for MariaDB instance
Account types
ApsaraDB RDS for MySQL supports two types of accounts: privileged accounts and standard accounts. You can manage all accounts and databases of your RDS instance in the ApsaraDB for RDS console. For more information about the permissions that can be granted to each type of account, see Account permissions.Account type | Description |
---|---|
Privileged account |
|
Standard account |
|
Account type | Maximum number of databases | Maximum number of tables | Maximum number of accounts |
---|---|---|---|
Privileged account | Unlimited | < 200,000 | Varies based on the database engine parameter settings. |
Standard account | 500 | < 200,000 | Varies based on the database engine parameter settings. |
Comparison between privileged and superuser accounts
To reduce unintentional operations that may interrupt your workloads, ApsaraDB RDS for MySQL does not provide a superuser account. Only a privileged account is provided for you to manage all of the databases and standard accounts that are created on your RDS instance.
Privileged account
- The privileged account is granted the highest permissions. For more information, see Permissions of various accounts.
- The privileged account has the permissions to disconnect all standard accounts.
Superuser account
- The superuser account has the permissions to close the connections for all queries.
- The superuser account has the permissions to modify global variables by executing the SET statement.
- The superuser account has the permissions to execute the CHANGE MASTER and PURGE MASTER LOGS statements.
- The superuser account has the permissions to edit the files on the physical server that hosts your RDS instance.
Create a privileged account
Create a standard account
Create a database
Permissions of various accounts
Account type | Permission | Operation | ||||
---|---|---|---|---|---|---|
Privileged account | - | SELECT | INSERT | UPDATE | DELETE | CREATE |
DROP | RELOAD | PROCESS | REFERENCES | INDEX | ||
ALTER | CREATE TEMPORARY TABLES | LOCK TABLES | EXECUTE | REPLICATION SLAVE | ||
REPLICATION CLIENT | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ALTER ROUTINE | ||
CREATE USER | EVENT | TRIGGER | ||||
Standard account | Read-only | SELECT | LOCK TABLES | SHOW VIEW | PROCESS | REPLICATION SLAVE |
REPLICATION CLIENT | ||||||
Read/Write | SELECT | INSERT | UPDATE | DELETE | CREATE | |
DROP | REFERENCES | INDEX | ALTER | CREATE TEMPORARY TABLES | ||
LOCK TABLES | EXECUTE | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ||
ALTER ROUTINE | EVENT | TRIGGER | PROCESS | REPLICATION SLAVE | ||
REPLICATION CLIENT | ||||||
DDL Only | CREATE | DROP | INDEX | ALTER | CREATE TEMPORARY TABLES | |
LOCK TABLES | CREATE VIEW | SHOW VIEW | CREATE ROUTINE | ALTER ROUTINE | ||
PROCESS | REPLICATION SLAVE | REPLICATION CLIENT | ||||
DML Only | SELECT | INSERT | UPDATE | DELETE | CREATE TEMPORARY TABLES | |
LOCK TABLES | EXECUTE | SHOW VIEW | EVENT | TRIGGER | ||
PROCESS | REPLICATION SLAVE | REPLICATION CLIENT |
FAQ
- After I create accounts on my primary RDS instance, can I manage the accounts from
the read-only RDS instances?
No, although the accounts created on your primary RDS instance are synchronized to the read-only RDS instances, you cannot manage the accounts from the read-only RDS instances. The accounts have only the read permissions on the read-only RDS instances.
- Can I manage accounts at fine-grained levels, such as the source IP address and table
levels?
Yes, after you connect to your RDS instance, you can use commands to manage accounts at fine-grained levels, such as the source IP address and table levels. For more information, see Connect to an ApsaraDB RDS for MySQL instance.
- Does ApsaraDB RDS provide a superuser account such as the root user?
No, ApsaraDB RDS does not provide a superuser account such as the root user. This allows you to protect your RDS instance from damages such as data losses and leaks that are caused by unintentional operations.
Related operations
API | Description |
---|---|
Create account | Creates an account for an ApsaraDB RDS instance. |
Create database | Creates a database for an ApsaraDB RDS instance. |