This topic describes how to create an account on an ApsaraDB RDS for PostgreSQL instance.
Account types
ApsaraDB RDS for PostgreSQL instances support two types of accounts: privileged accounts and standard accounts. The following table describes these account types.
Account type | Description |
---|---|
Privileged account |
|
Standard account |
|
Precautions
- If your RDS instance uses local SSDs, you can create one privileged account in the ApsaraDB RDS console. After the privileged account is created, it cannot be deleted. You can also create and manage more than one standard account by using SQL statements.
- If your RDS instance uses standard or enhanced SSDs, you can create more than one privileged account and standard account in the ApsaraDB RDS console. You can also create and manage more than one standard account by using SQL statements.
- To migrate data from an on-premises database to your RDS instance, you must create a database and an account on the RDS instance. Make sure that the created database has the same properties as the on-premises database. Also make sure that the created account has the same permissions on the created database as the account that is authorized to manage the on-premises database.
- Follow the least privilege principle to create accounts and grant them appropriate read-only and read/write permissions on databases. If necessary, you can create more than one account and grant them only the permissions on specific databases. If an account does not need to write data to a database, grant only the read-only permissions on that database to the account.
- For security purposes, we recommend that you specify strong passwords for the accounts on your RDS instance and change the passwords on a regular basis.
Create an account on an RDS instance that uses standard or enhanced SSDs
Create an account on an RDS instance that uses local SSDs
Related operations
Operation | Description |
---|---|
CreateAccount | Creates an account on an ApsaraDB for RDS instance. |