After you create an ApsaraDB RDS for PPAS instance, you must create databases and accounts on the instance before you can use the instance. This topic describes how to create an account on an ApsaraDB RDS for PPAS instance.
Precautions
- The PPAS database engine requires you to create a privileged account in the ApsaraDB RDS console. Then, you can create and manage databases by using Alibaba Cloud Data Management (DMS).
- Databases on the same RDS instance share all of the resources that belong to the instance. Each RDS instance supports one privileged account and multiple standard accounts. You can create and manage standard accounts by using SQL statements.
- If you want to migrate data from an on-premises database to an RDS instance, you must log on to the RDS instance and create a database and an account with the same names as the on-premises database and its authorized account.
- Follow the least privilege principle to create accounts and grant them read-only permissions or both read and write permissions on databases based on your business requirements. If necessary, you can create more than one account and grant them only the permissions on specific databases. If an account does not need to write data to a database, grant only the read-only permissions on that database to the account.
- For security purposes, we recommend that you configure strong passwords for the accounts that are created on your RDS instance. In addition, we recommend that you change the passwords on a regular basis.
- After you create a privileged account for your RDS instance, you cannot delete the privileged account.
Create a privileged account
Create a standard account
To create a standard account, you must log on to the RDS instance by using DMS and then execute the following statement:
CREATE ROLE "username" CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'password';
For more information about how to connect to an RDS instance, see Connect to an ApsaraDB RDS for PPAS instance.