This topic describes how to create an account for an RDS for MySQL instance.

Account types

RDS for MySQL supports two types of database accounts: premier accounts and standard accounts. You can manage all your accounts and databases in the console. For specific permissions, see Account permissions.

Account type Description
Premier account
  • Can only be created and managed through the console or API.
  • Each instance can have only one premier account, which can be used to manage all databases and standard accounts.
  • Has more permissions than standard accounts and can manage permissions at a more fine-grained level. For example, it can assign table-level query permissions to other accounts.
  • Can disconnect the connections established by any other accounts.
Standard account
  • Can be created and managed through the console, API, or SQL statements.
  • Each instance can have up to 200 standard accounts.
  • Need to be manually granted with database permissions.
  • Cannot create or manage other accounts, or terminate the connections established by other accounts.
Account Type Number of databases Number of tables Number of users
Premier account Unlimited < 200,000 Varies depending on the instance kernel parameters.
Standard account 500 < 200,000 Varies depending on the instance kernel parameters.

Create a premier account

  1. Log on to the RDS console.
  2. In the upper-left corner, select the region where the target RDS instance is located.
    选择地域
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. Set the following parameters.
    Parameter Description
    Database Account The account name contains 2 to 16 characters, including lowercase letters, digits, and underscores (_). It must begin with a letter and end with a letter or digit.
    Account Type Select Premier Account.
    Password

    The password contains 8 to 32 characters, including at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters. The allowed special characters are as follows:

    ! @ # $ % ^ & * ( ) _ + - =

    Re-enter Password Enter the password again.
    Note Optional. Enter the other account information that helps to better manage the account. You can enter up to 256 characters.
  7. Click OK.

Reset the permissions of a premier account

If the premier account of an RDS instance is abnormal (for example, the account permissions are unexpectedly revoked), you can reset the permissions.

  1. Log on to the RDS console.
  2. In the upper-left corner, select the region where the target RDS instance is located.
    选择地域
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Find the premier account and in the Actions column click Reset Permissions.
  6. Enter the password of the premier account and click OK.

Create a standard account

  1. Log on to the RDS console.
  2. In the upper-left cornere, select the region where the target RDS instance is located.
    选择地域
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. Set the following parameters.
    Parameter Description
    Database Account The account name contains 2 to 16 characters, including lowercase letters, digits, or underscores (_). It must begin with a letter and end with a letter or digit.
    Account Type Select Standard Account.
    Authorized Databases Grant permissions on one or more databases to the account. This parameter is optional. You can choose to grant permissions to the account after the account is created.
    1. Select one or more databases from the left area and click Authorize > to add them to the right area.
    2. In the right area, click Read/Write, Read-only, DDL Only, or DML Only.

      If you want to grant the permissions for multiple databases in batches, select all the databases and in the upper-right corner click the button such as Full Control Read/Write.

      Note The button in the upper-right corner changes as you click. For example, after you click Full Control Read/Write, the permission changes to Full Control Read-only.
    Password

    The password must contain 8 to 32 characters, including at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters. The allowed special characters are as follows:

    ! @ # $ % ^ & * ( ) _ + - =

    Re-enter Password Enter the password again.
    Note Optional. Enter the other account information that helps to better manage the account. You can enter up to 256 characters.
  7. Click OK.

Account permissions

Account type Permission type Permission
Premier account N/A SELECT INSERT UPDATE DELETE CREATE
DROP RELOAD PROCESS REFERENCES INDEX
ALTER CREATE TEMPORARY TABLES LOCK TABLES EXECUTE REPLICATION SLAVE
REPLICATION CLIENT CREATE VIEW SHOW VIEW CREATE ROUTINE ALTER ROUTINE
CREATE USER EVENT TRIGGER N/A N/A
Standard account Read-only SELECT LOCK TABLES SHOW VIEW PROCESS REPLICATION SLAVE
REPLICATION CLIENT N/A N/A N/A N/A
Read/write SELECT INSERT UPDATE DELETE CREATE
DROP REFERENCES INDEX ALTER CREATE TEMPORARY TABLES
LOCK TABLES EXECUTE CREATE VIEW SHOW VIEW CREATE ROUTINE
ALTER ROUTINE EVENT TRIGGER PROCESS REPLICATION SLAVE
REPLICATION CLIENT N/A N/A N/A N/A
DDL only CREATE DROP INDEX ALTER CREATE TEMPORARY TABLES
LOCK TABLES CREATE VIEW SHOW VIEW CREATE ROUTINE ALTER ROUTINE
PROCESS REPLICATION SLAVE REPLICATION CLIENT N/A N/A
DML only SELECT INSERT UPDATE DELETE CREATE TEMPORARY TABLES
LOCK TABLES EXECUTE SHOW VIEW EVENT TRIGGER
PROCESS REPLICATION SLAVE REPLICATION CLIENT N/A N/A

APIs

API Description
CreateAccount Used to create an account for an RDS instance.