Create a database account

Precautions

• When you create accounts and grant permissions to the accounts, follow the least privilege principle and properly manage the read and write permissions on your databases based on business requirements. If necessary, you can create multiple accounts and grant each account only the permissions to access the data of specific databases within its authorized workloads. If an account does not need to write data to a database, you must grant only the read-only permissions on the database to the account.
• For security purposes, we recommend that you specify strong passwords for the accounts on your instance and change the passwords on a regular basis.

1. Log on to the ApsaraDB MyBase console.
2. In the upper-left corner of the page, select a region.
3. In the left-side navigation pane, choose Instances > MySQL.
4. Find the instance that you want to manage and click Details in the Actions column.
5. In the left-side navigation pane, click Accounts. On the page that appears, click Create Account.
6. In the Create Account panel, configure the parameters described in the following table and click OK.

   Parameter	Description
   Database Account	Enter the name of the account. The name must meet the following requirements: The name is up to 16 characters in length for an instance that runs MySQL 5.6, or up to 32 characters in length for an instance that runs MySQL 5.7 or MySQL 8.0. The name starts with a lowercase letter and ends with a lowercase letter or a digit. The name contains lowercase letters, digits, or underscores (_). The name is unique.
   Account Type	Privileged Account: An instance can have only a single privileged account. Note By default, the privileged account has the owner permissions on all the databases that are created on the instance. You can reset the permissions of the privileged account. For more information, see Edit permissions of a standard account. The privileged account cannot be deleted. Standard Account: You can select Standard Account only if you have created a privileged account for your instance. Each instance can have more than one standard account. Note You must manually grant standard accounts the permissions on databases. Standard accounts can be deleted.
   Authorized Databases	If you set Account Type to Standard Account, you must grant permissions on databases to the standard account. You can perform the following steps to grant permissions on more than one database to the standard account: In the Unauthorized Databases section, select the databases on which you want to grant permissions to the standard account. Note If no databases are created on the instance, create databases before you grant permissions on databases. Click the > icon to add the selected databases to the Authorized Databases: section. Grant the permissions on each selected database to the standard account. The following permission types are supported: Read/Write (DML), Read-only, and Owner. Note You can use an account to create tables, delete tables, and modify table schemas in a database only if the account has the Owner permissions on the database.
   Password	Enter the password of the account. The password must meet the following requirements: The password is 8 to 32 characters in length. The password contains at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters. Special characters include ! @ # $ % ^ & * ( ) _ + - =
   Confirm Password	Enter the password of the account again.
   Description	Enter a description that can help you identify the account. The description can be up to 256 characters in length.