This topic describes how to create a database account on an RDS for MariaDB instance.

Account types

ApsaraDB RDS for MariaDB supports privileged and standard database accounts. You can manage all accounts and databases in the ApsaraDB for RDS console.
Account type Description
Privileged account
  • You can create and manage the privileged accounts by using the ApsaraDB for RDS console or APIs.
  • You can create only one privileged account on each RDS instance. The privileged account can be used to manage all standard accounts and databases on the instance.
  • A privileged account allows you to manage permissions to a fine level. For example, you can grant each standard account the permissions to query specific tables.
  • A privileged account has all permissions on databases created on the instance.
  • A privileged account has permissions to disconnect all standard accounts on the instance.
Standard account
  • You can create and manage standard accounts by using the ApsaraDB for RDS console, APIs, or SQL statements.
  • You can create more than one standard account on each instance. The maximum number of standard accounts varies based on the database engine of the instance.
  • You must manually grant standard accounts the permissions on specific databases.
  • You cannot use a standard account to create, manage, or disconnect other accounts from databases.

Create a privileged account

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.Select a region
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. In the Create Account pane, configure the following parameters.
    Parameter Description
    Database Account

    Enter the account name. The account name must meet the following requirements:

    • Must be 2 to 16 characters in length.
    • Starts with a letter and ends with a letter or digit.
    • Contains lowercase letters, digits, or underscores (_).
    • Cannot be the same as the name of an existing account.
    Note If the name of the privileged account is the same as that of an existing standard account, the privileged account replaces the standard account.
    Account Type Select Privileged Account.
    Password

    Enter the account password. The password must meet the following requirements:

    • Must be 8 to 32 characters in length.
    • Contains at least three of the following character types: uppercase letters, lowercase letters, digits.
    • Special characters, including !@#$%^&*()_+-=
    Confirm Password Enter the account password again.
    Description Enter a description that helps identify the account. The description can be up to 256 characters in length.
  7. Click OK.

Reset permissions of the privileged account

If the privileged account of your RDS instance encounters exceptions, for example, its permissions are revoked by accident, follow these steps to reset the permissions:

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.Select a region
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Find the privileged account, and click Reset Permissions in the Actions column.
  6. Enter the password of the privileged account to reset its permissions.

Create a standard account

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.Select a region
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. In the Create Account pane, configure the following parameters.
    Parameter Description
    Database Account

    Enter the account name. The account name must meet the following requirements:

    • Must be 2 to 16 characters in length.
    • Starts with a letter and ends with a letter or digit.
    • Contains lowercase letters, digits, or underscores (_).
    Account Type Select Standard Account.
    Authorized Databases Select one or more databases on which you want to grant permissions to the account. You can leave this parameter empty and grant account permissions on specific databases when you create the databases.
    1. Select one or more databases from the Unauthorized Databases box and click the right arrow to add them to the Authorized Databases box.
    2. In the Authorized Databases box, select Read/Write, Read-only, DDL Only, or DML Only for each authorized database.

      If you want to grant the same permissions on multiple authorized databases at a time, select the authorized databases and click the button in the upper-right corner. For example, click Set All to Read/Write.

      Note The button in the upper-right corner changes after you click it. For example, after you click Set All to Read/Write, the button changes to Set All to Read-only.
    Password

    Enter the account password. The password must meet the following requirements:

    • Must be 8 to 32 characters in length.
    • Contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • Special characters, including !@#$%^&*()_+-=
    Confirm Password Enter the account password again.
    Description Optional. Enter a description that helps identify the account. The description can be up to 256 characters in length.
  7. Click OK.

Related operations

Operation Description
CreateAccount Creates a database account.