This topic describes how to create an account for an ApsaraDB RDS for PostgreSQL instance.

Precautions

  • For an ApsaraDB RDS for PostgreSQL instance with local SSDs, you can create a privileged account and multiple standard accounts in the ApsaraDB for RDS console. A privileged account cannot be deleted after it is created. You can also create and manage standard accounts by using SQL statements.
  • For an ApsaraDB RDS for PostgreSQL instance with cloud disks, you can create multiple privileged accounts and standard accounts in the ApsaraDB for RDS console. You can also create and manage standard accounts by using SQL statements.
  • To migrate data from an on-premises database to an ApsaraDB for RDS instance, you must create a database and an account in the RDS instance. Ensure that the database has the same properties as the on-premises database, and the account of the database has the same permissions as the account of the on-premises database.
  • Use service roles to create accounts and follow the principle of least privilege to assign appropriate read-only and read/write permissions to the accounts. When necessary, you can create multiple database accounts and allow each of them to access only data relevant to their own business tasks. If an account does not need to write data to a database, assign the read-only permissions to the account.
  • To ensure database security, set strong account passwords and change the passwords on a regular basis.

Create an account for an ApsaraDB RDS for PostgreSQL instance with cloud disks

  1. Log on to the ApsaraDB for RDS console.
  2. In the upper-left corner of the page, select the region where the instance is located.
    Select a region
  3. Find the target instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. Configure the following parameters.
    Create an account for PostgreSQL instance with cloud disks
    Parameter Description
    Database Account
    • The account name must be 2 to 16 characters in length.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must start with a letter and end with a letter or digit.
    • The account name cannot be the same as the name of an existing account.
    Account Type ApsaraDB RDS for PostgreSQL instances support two types of database accounts: privileged accounts and standard accounts. For more information, see Account types.
    Password
    • The password must be 8 to 32 characters in length.
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Special characters include: ! @ # $ % ^ & * ( ) _ + - =
    Re-enter Password Enter the same password again.
    Description The description of the account.
  7. Click Create.

Create an account for an ApsaraDB RDS for PostgreSQL instance with local SSDs

  1. Log on to the ApsaraDB for RDS console.
  2. In the upper-left corner of the page, select the region where the instance is located.
    Select a region
  3. Find the target instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. Configure the following parameters.
    Create account
    Parameter Description
    Database Account
    • The account name must be 2 to 16 characters in length.
    • It can contain lowercase letters, digits, and underscores (_).
    • It must start with a letter and end with a letter or digit.
    • The account name cannot be the same as the name of an existing account.
    Password
    • The password must be 8 to 32 characters in length.
    • It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Special characters include: ! @ # $ % ^ & * ( ) _ + - =
    Re-enter Password Enter the same password again.
  7. Click OK.
    Note You have created a privileged account. For more information about how to create a standard account, see the following steps.
  8. In the upper-right corner of the page, click Log On to DB to go to the RDS Database Logon page.
  9. Configure the following parameters.
    Log on to DMS
    Parameter Description
    Network address:Port The endpoint and port information used to connect to the RDS instance. For more information, see View the internal and public endpoints of an instance.
    Database Username The name of the account to access the database.
    Password The password of the account to access the database.
  10. Click Log On.
    Note If the system prompts you to add the CIDR block of the DMS server to the RDS whitelist, click Configure Whitelist.
  11. After you have logged on to the RDS instance, choose SQL Operations > SQL Window in the top navigation bar.
  12. In the SQL window, execute the following statement to create a standard account: 
    CREATE USER name [ [ WITH ] option [ ... ] ]
where option can be:
   SUPERUSER | NOSUPERUSER
 | CREATEDB | NOCREATEDB
 | CREATEROLE | NOCREATEROLE
 | CREATEUSER | NOCREATEUSER
 | INHERIT | NOINHERIT
 | LOGIN | NOLOGIN
 | REPLICATION | NOREPLICATION
 | CONNECTION LIMIT connlimit
 | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
 | VALID UNTIL 'timestamp'
 | IN ROLE role_name [, ...]
 | IN GROUP role_name [, ...]
 | ROLE role_name [, ...]
 | ADMIN role_name [, ...]
 | USER role_name [, ...]
 | SYSID uid

    For example, if you want to create a user account named test2 and the password 123456, execute the following statement: 

    CREATE USER test2 PASSWORD '123456';

Related API operations

API operation Description
CreateAccount Creates an account.