AnalyticDB for MySQL uses two types of database accounts — privileged accounts and standard accounts — to separate administrative control from day-to-day database access. Create a privileged account first, then create standard accounts and grant them the permissions they need.
Prerequisites
Before you begin, ensure that you have:
An AnalyticDB for MySQL cluster
Access to the AnalyticDB for MySQL console with cluster management permissions
Account types
Privileged and standard accounts serve different purposes. The privileged account is the cluster-wide administrator; standard accounts handle day-to-day database operations and are scoped to specific databases or tables.
| Account type | Description |
|---|---|
| Privileged account | The cluster administrator account. Manages all standard accounts and databases, can close any database connection, and has full control over the cluster. Supports fine-grained permission control — for example, you can grant each standard account permissions to query specific tables. Equivalent to a root account in MySQL. Each cluster has exactly one privileged account, which can only be created and managed in the console. |
| Standard account | A database-level account for daily operations. Each cluster supports up to 256 standard accounts. Standard accounts cannot close connections established by other standard accounts. Permissions must be granted explicitly after account creation. |
How you create standard accounts depends on the cluster edition:
Enterprise Edition, Basic Edition, and Data Lakehouse Edition: create standard accounts in the console or by executing SQL statements.
Data Warehouse Edition: create standard accounts by executing SQL statements only. The console does not support standard account creation for this edition.
Create a privileged account
Log in to the AnalyticDB for MySQL console. In the upper-left corner, select a region. In the left-side navigation pane, click Clusters.
On the Clusters page, click an edition tab, find the cluster you want to manage, and click the cluster ID.
In the left-side navigation pane, click Accounts.
Create the privileged account:
Enterprise Edition, Basic Edition, and Data Lakehouse Edition: click Create Account.
Data Warehouse Edition: click Create Privileged Account.
In the panel that opens, configure the following parameters:
Parameter Description Database Account The account name. Follow the naming rules shown on screen. Account Type Select Privileged Account. For Data Warehouse Edition clusters, this is set automatically. New Password The account password. Follow the password requirements shown on screen. Confirm Password Re-enter the password to confirm. Description (Optional) A note to help identify the account. Click OK.
Create a standard account
Console
Console-based creation is supported for Enterprise Edition, Basic Edition, and Data Lakehouse Edition clusters only.
Log in to the AnalyticDB for MySQL console. In the upper-left corner, select a region. In the left-side navigation pane, click Clusters.
On the Clusters page, click an edition tab, find the cluster you want to manage, and click the cluster ID.
In the left-side navigation pane, click Accounts.
Click Create Account.
In the Create Account panel, configure the following parameters:
To let a Resource Access Management (RAM) user perform SQL development in the console for Enterprise Edition, Basic Edition, and Data Lakehouse Edition clusters, create a standard account and associate it with the RAM user.
Parameter Description Database Account The account name. Follow the naming rules shown on screen. Account Type Select Standard Account. New Password The account password. Follow the password requirements shown on screen. Confirm Password Re-enter the password to confirm. Description (Optional) A note to help identify the account. Click OK.
Grant database permissions to the account. Find the account you just created and click Permissions in the Actions column.
ImportantStandard accounts have no database permissions by default. The account cannot access any database until you explicitly grant permissions. For details, see GRANT and Database permission model.
SQL statements
SQL-based account creation is supported for all cluster editions, including Data Warehouse Edition.
Standard accounts created via SQL statements appear in the console only for Enterprise Edition, Basic Edition, and Data Lakehouse Edition clusters. To list accounts created via SQL for Data Warehouse Edition clusters, run:
SELECT User FROM mysql.user;Use the following SQL statements to create and manage standard accounts:
Change a password
If you forget an account password, reset it from the Accounts page.
Change account passwords regularly to protect your data.
On the Accounts page, find the account and click Change Password in the Actions column. In the Change Password panel, enter and confirm a new password, then click OK.
Limitations
| Limitation | Details |
|---|---|
| Privileged account limit | One privileged account per cluster. |
| Standard account limit | Up to 256 standard accounts per cluster. |
| Privileged account creation | Console only. Cannot be created via SQL statements. |
| Standard account creation (Data Warehouse Edition) | SQL statements only. The console does not support standard account creation for Data Warehouse Edition clusters. |
| Standard account visibility (Data Warehouse Edition) | Accounts created via SQL do not appear in the console. Use SELECT User FROM mysql.user; to list them. |
| Permission scope | Standard accounts cannot close database connections established by other standard accounts. |