ApsaraDB MyBase for MySQL supports two account types: a privileged account and standard accounts. This topic describes how to create both account types in the ApsaraDB MyBase console.
Prerequisites
Before you begin, ensure that you have:
An ApsaraDB MyBase for MySQL instance. For more information, see Create an ApsaraDB MyBase for MySQL instance
Security recommendations
Follow the least privilege principle when creating accounts and granting permissions. Grant each account only the permissions required for its workload. If an account does not need to write data, grant only the Read-only permission on the database.
Use strong passwords and rotate them regularly.
Create an account
Log on to the ApsaraDB MyBase console.
In the upper-left corner of the page, select a region.
In the left-side navigation pane, choose Instances > MySQL.
Find the target instance and click Details in the Actions column.
In the left-side navigation pane, click Accounts. On the page that appears, click Create Account.
In the Create Account panel, configure the following parameters and click OK.
| Parameter | Description |
|---|---|
| Database Account | The account name. Requirements: <br>- MySQL 5.6: up to 16 characters <br>- MySQL 5.7 or MySQL 8.0: up to 32 characters <br>- Starts with a lowercase letter; ends with a lowercase letter or digit <br>- Contains only lowercase letters, digits, or underscores (_) <br>- Must be unique |
| Account Type | The type of the account: <br>- Privileged Account: An instance can have only one privileged account. By default, it has Owner permissions on all databases on the instance. The permissions can be reset. The privileged account cannot be deleted. <br>- Standard Account: Multiple standard accounts are allowed per instance. A privileged account must exist before you can create a standard account. Permissions must be granted manually. Standard accounts can be deleted. |
| Authorized Databases | Applies only to standard accounts. To grant permissions on one or more databases: <br>1. In the Unauthorized Databases section, select the databases to authorize. If no databases exist, create them first. <br>2. Click the > icon to move the selected databases to the Authorized Databases section. <br>3. For each database, select a permission type: Read/Write (DML), Read-only, or Owner. Owner permission is required to create, delete, or modify table schemas. <br> |
| Password | The account password. Requirements: <br>- 8–32 characters <br>- Contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters <br>- Supported special characters: ! @ # $ % ^ & * ( ) _ + - = |
| Confirm Password | Re-enter the password. |
| Description | (Optional) A description to help identify the account. Maximum 256 characters. |
What's next
To modify the permissions of a standard account, see Edit permissions of a standard account.