AnalyticDB for MySQL uses two separate identity systems: Resource Access Management (RAM) users for cluster-level management and database accounts for database-level operations. To bridge these two systems — for example, to let a RAM user develop jobs or let a standard account read Object Storage Service (OSS) external tables — you must associate a standard account with a RAM user.
Prerequisites
Before you begin, make sure you have:
Identity systems and when to associate them
AnalyticDB for MySQL has two distinct account types that operate at different levels:
| Account type | Scope | Example operations |
|---|---|---|
| RAM user | Cluster level | Create a cluster, configure an IP address whitelist, create a database account |
| Database account | Database level | Create a database, create a table, create a view |
For a complete overview of account types, see Account types.
Default behavior: Privileged accounts are automatically associated with the current Alibaba Cloud account or RAM user.
Using Spark in the Data Management (DMS) console as a RAM user requires two associations:
Associate a standard account with the RAM user.
Associate a privileged account with the Alibaba Cloud account of the RAM user.
The following table shows when an association is required:
| Scenario | Identity used to access | Must be mapped to | Purpose |
|---|---|---|---|
| SQL editor | RAM user | Standard account | Read and write tables |
| Java Database Connectivity (JDBC) connection | Standard account | RAM user | Read and write external tables, such as OSS external tables |
| Spark application | RAM user | Standard account | Connect to the AnalyticDB for MySQL cluster |
Associate a database account with a RAM user
Log on to the AnalyticDB for MySQL console. In the upper-left corner, select a region. In the left-side navigation pane, click Clusters. On the Enterprise Edition, Basic Edition, or Data Lakehouse Edition tab, find the cluster and click its cluster ID.
In the left-side navigation pane, click Accounts.
On the Database Accounts tab, find the database account and choose Manage RAM Association in the Actions column.
In the Manage RAM Association panel, enter the RAM user ID. To find the ID, view the basic information of the RAM user in the RAM console.
Click OK.
Disassociate a database account from a RAM user
On the Database Accounts tab, find the database account and choose Manage RAM Association in the Actions column.
In the Manage RAM Association panel, click the
icon next to the RAM user ID, then click OK.