Before you manage accounts, visit the Alibaba Cloud official website and log on to the ApsaraDB for Lindorm (Lindorm) console. In the Lindorm console, select an instance. In the left-side navigation pane of the instance details page, click Time Series Engine. On the page that appears, you can use Lindorm TSDB. Lindorm TSDB allows you to manage administrator accounts and standard accounts. You can manage all accounts in the console. Account permissions are divided into the following types: read-only, write-only, read and write, and super. For information about the permissions that are required for Lindorm TSDB to call read and write operations, see the "Permissions that are required to call common API operations" section of this topic.
Manage accounts
On the Account Management page, click Create.
In the Create User dialog box, configure an account name and a password.
Create an administrator account
Create a standard account
Note:
The account name must be 1 to 10 characters in length and can contain lowercase letters, digits, and underscores (_). The account name must start with a letter and end with a letter or digit.
The password must be 6 to 20 characters in length and contain only letters, digits, underscores (_), at signs (@), number signs (#), and periods (.).
The account is created. The following figure provides an example. In this example, the account name is
tester.
Delete an account
On the Account Management page, find the account that you want to delete and click Delete.
The permissions and passwords of accounts cannot be modified.
On the Account Management, click Deactivate User Management.
Authenticate accounts that are used to perform read or write operations
After you create an account, the system authenticates the account when you use Lindorm TSDB to call read or write operations. If you enable the account management feature, the account is authenticated when you use Lindorm TSDB to send requests to most HTTP APIs. For more information about the permissions that are required for Lindorm TSDB to call HTTP APIs, see the "Permissions that are required to call common API operations" section of this topic.
To check whether an account is available, you can run the curl command to access the api/put or api/query request path based on the permissions of the account. In this example, a query request that contains the api/put path is sent.
curl -X POST -u ${Account name}:${Plaintext password} http://ld-xxxxxxxxxxxxx-proxy-tsdb-pub.lindorm.rds.aliyuncs.com:8242/api?summary -d '[{"metric":"sys.cpu.nice","timestamp":1346846400,"value":18,"tags":{"host":"web01","dc":"lga"}}]'If you create the TSDBConfig object, call the basicAuth() method to input your account name and plaintext password. All connections that are established by using the TSDBConfig object carry the input account information to access Lindorm TSDB.
For applications that do not support the Lindorm TSDB SDK, such as the Python and Go applications, you must add the Authorization field to the header when you send an HTTP request. The Authorization field contains the basic authentication credential that is organized in a piece of text in the format defined in the RFC 2617 standard.
Only the HTTP requests with the Authorization field can be processed by Lindorm TSDB.
Basic {Base64-encoded authentication information}Format of Base64-encoded authentication information: %Authorization:Basic ${Account name}:${Password}%. Separate the fields with colons (:).
Permissions that are required to call common API operations
The following table lists the permission control policies for calls to common API operations. These policies take effect after you enable the account management feature.
Operation | Non-authenticated account | WriteOnly account | ReadOnly account | ReadWrite account | Super account |
|---|---|---|---|---|---|
/api/put | × | ○ | × | ○ | ○ |
/api/query | × | × | ○ | ○ | ○ |
/api/query/last | × | × | ○ | ○ | ○ |
/api/mput | × | ○ | × | ○ | ○ |
/api/mquery | × | × | ○ | ○ | ○ |
/api/query/mlast | × | × | ○ | ○ | ○ |
/api/suggest | × | × | ○ | ○ | ○ |
/api/dump_meta | × | × | ○ | ○ | ○ |
/api/search/lookup | × | × | ○ | ○ | ○ |
/api/ttl | × | × | × | × | ○ |
/api/delete_data | × | ○ | × | ○ | ○ |
/api/truncate | × | × | × | × | ○ |