provides the account management feature. This topic describes how to create an account, modify account permissions, and reset the account password in the console.

Precautions

  • The account management feature is only available on instances of 5.3.6 10460044 and later.
  • In the console, you can only authorize DML, DDL, read-only, and read/write permissions to standard accounts. To grant more permissions, use SQL statements. For more information, see Basic SQL operations.

Account types and permissions

  • instances support the following two types of database accounts.
    Account type Description
    Privileged account
    • You can create or manage privileged accounts by using SQL statements only. For more information, see Basic SQL operations.
    • You can create only one privileged account on each instance, and can use this privileged account to manage all standard accounts and databases on the instance.
    • A privileged account is granted with more permissions to enable personalized and refined management over permissions. For example, you can grant different users the permissions to query different tables.
    • A privileged account has all the permissions on all the databases on the instance and can disconnect all accounts.
    Standard account
    • You can create or manage standard accounts in the console, by calling API operations, or executing SQL statements.
    • You can create one or more standard accounts on each instance. The allowed maximum number of standard accounts depends on the kernel engine of the instance.
    • You must manually grant standard accounts the permissions on specific databases.
    • You cannot use a standard account to create or manage other accounts, or disconnect other accounts from databases.
  • The following table shows the support for SQL operations by different account types with different permissions.
    Account type Permission SELECT INSERT UPDATE DELETE INDEX ALTER CREATE DROP GRANT
    Standard account DDL Not supported Not supported Not supported Not supported Supported Supported Supported Supported Not supported
    DML Supported Supported Supported Supported Not supported Not supported Not supported Not supported Not supported
    Read-only Supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported
    Read/write Supported Supported Supported Supported Supported Supported Supported Supported Not supported
    Privileged account Root Supported Supported Supported Supported Supported Supported Supported Supported Supported

Create an account

  1. Log on to the DRDS console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. In the left-side navigation pane, click Instances.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, click Account Management.
  6. In the upper-right corner of the page, click Create an Account.
    Note You can create only a standard account in the console. If you need to create a privileged account, use SQL statements. For more information, see Basic SQL operations.
  7. In the dialog box that appears, set the following parameters.
    Parameter Description
    Database Account Enter the account name.
    Note An account name must meet the following requirements:
    • The account name must be 2 to 16 characters in length and can contain lowercase letters, digits, and special characters.
    • The account name must start with a letter and end with a letter or digit.
    • The account name cannot be the same as the name of an existing account.
    • After the account is created, the full name of the account is composed of the name you entered and the host name. The host name is % by default, which means that this account is allowed to log on to the database from all hosts.
    New Password Enter the account password.
    Note An account password must meet the following requirements:
    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The following special characters are allowed:

      ! @#$%^&*()_+-=

    Confirm New Password Enter the password again.
    Authorization Database You can grant permissions on one or more databases to the account.
    1. Select one or more databases and click Authorization> to move them from the Databases List box on the left to the Authorized Databases box on the right.
    2. In the Authorized Databases area on the right, select the permissions on the target databases.
    Note
    • The default permission is Read-only. You can also modify the permission to Read/Write, DDL Only or DML Only.
    • If you need to grant the same permission on multiple databases, you can click the corresponding button next to Permissions in the upper-right corner of the Authorized Databases area, such as Set All to Read/Write.
  8. Click OK.

Modify the permissions of a standard account

  1. Log on to the DRDS console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. In the left-side navigation pane, click Instances.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, click Account Management.
  6. Find the target account and click Modify Permission in the Actions column.
    1
    Note A privileged account has all the permissions on all databases, therefore, you do not need to Modify Permission for a privileged account.
  7. In the dialog box that appears, set the following parameters.
    Parameter Description
    Authorization Database You can modify the permissions on one or more databases for the account.
    1. Select one or more databases and click Authorization> or <Remove to add them to or remove them from the account.
    2. In the Authorized Databases box on the right, select the permissions on the target databases.
    Note
    • You can also change the permission to Read-only, Read/Write, DDL Only or DML Only.
    • If you need to grant the same permission on multiple databases, you can click the corresponding button next to Permissions in the upper-right corner of the Authorized Databases area, such as Set All to Read/Write.
  8. Click OK.

Reset the account password

  1. Log on to the DRDS console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. In the left-side navigation pane, click Instances.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, click Account Management.
  6. Find the target account and click Reset Password in the Actions column.
    2
  7. In the dialog box that appears, set the following parameters.
    Parameter Description
    New Password Enter the account password.
    Note An account password must meet the following requirements:
    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The following special characters are allowed:

      ! @#$%^&*()_+-=

    Confirm New Password Enter the password again.
  8. Click OK.

Delete an account

  1. Log on to the DRDS console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. In the left-side navigation pane, click Instances.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, click Account Management.
  6. Find the target account and click Delete in the Actions column.
    1
    Note The console does not support deleting privileged accounts. However, you can delete a privileged account by using SQL statements. For more information, see Basic SQL operations.
  7. In the dialog box that appears, click OK.