This topic describes how to create an account for an ApsaraDB MyBase for SQL Server instance.

Prerequisites

An ApsaraDB MyBase for SQL Server instance is created. For more information, see Create an ApsaraDB MyBase for SQL Server instance.

Usage notes

  • Follow the principle of least privilege to create accounts and grant them read-only permissions or read/write permissions on specific databases based on your business requirements. If necessary, you can create multiple accounts and grant each account only the permissions to access the data of specific databases within its authorized workloads. If an account does not need to write data to a database, you must grant only the read-only permissions on the database to the account.
  • For security purposes, we recommend that you specify strong passwords for the accounts and change the passwords on a regular basis.

Procedure

  1. Log on to the ApsaraDB MyBase console.
  2. In the upper-left corner of the page, select the region where you want to create a dedicated cluster.
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release and click Details in the Actions column.
  5. In the left-side navigation pane, click Accounts.
  6. Click Create Account.
  7. In the panel that appears, set the parameters that are described in the following table.
    Parameter: Description
    Database Account: The name of the account must be 2 to 64 characters in length, and can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit.
    Account Type
    • Privileged Account: An ApsaraDB MyBase for SQL Server instance can have only one privileged account.
      Note
      • By default, the privileged account has the owner permissions on all the databases that are created in the instance. You can modify the permissions of the privileged account. For more information, see Modify the permissions of an account.
      • The privileged account cannot be deleted.
    • Standard Account: You can select Standard Account only if you have created a privileged account for the instance. An ApsaraDB MyBase for SQL Server instance can have multiple standard accounts.
      Note
      • You must manually grant standard accounts the permissions on databases.
      • Standard accounts can be deleted.
    • System Admin Account: An ApsaraDB MyBase for SQL Server instance can have only one system admin account.
      Note
      • The following names cannot be used as the name of the system admin account:
        root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds$
      • By default, the system admin account has all the permissions on all the databases that are created in the instance. You cannot modify the permissions of the system admin account.
      • After the system admin account is created, the service level agreement (SLA) is not guaranteed. Exercise caution when you create this type of account.
      • The system admin account can be deleted.
    Authorized Databases: If you set the Account Type parameter to Standard Account, you must grant permissions on databases to the standard account.

    You can perform the following steps to grant permissions on more than one database to the standard account:

    1. In the Unauthorized Databases section, select the databases on which you want to grant the permissions to the standard account.
      Note: If no databases are created in the instance, create databases before you grant permissions on databases.
    2. Click the > icon to add the selected databases to the Authorized Databases section.
    3. Grant the permissions on each selected database to the standard account. The following permission types are supported: Read/Write (DML), Read-only, and Owner.
      Note: You can use a standard account to create tables, delete tables, and modify table schemas in a database only if the standard account has the Owner permissions on the database.
    Password

    Enter a password for the account. The password must meet the following requirements:

    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =
    Confirm Password: Enter the password of the account again.
    Description: Enter a description that can help you identify the account. The description can be up to 256 characters in length.
  8. Click OK.
    Note
    • After the account is created, you can view the account on the current page.
    • If you forget the password that you set for an account, you can reset the password. For more information, see Reset a password.
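
The Database Account and Password rules from step 7 can be checked before a request reaches the console, for example in a provisioning script. The following Python sketch is an added example, not Alibaba Cloud code: the function names, the `account_type` values, and the reserved-name subset are assumptions, and rejecting characters outside the documented special-character set is an interpretation of the password rule.

```python
import re
import string

# Database Account rule: 2-64 chars; lowercase letters, digits, underscores;
# starts with a lowercase letter; ends with a lowercase letter or a digit.
ACCOUNT_RE = re.compile(r"[a-z][a-z0-9_]{0,62}[a-z0-9]")

# Special characters that the Password rule lists.
SPECIALS = set("!@#$%^&*()_+-=")

# Small subset of the reserved system admin names listed on this page
# (not the full list; pass the complete set as `reserved` in real use).
RESERVED_SUBSET = {"root", "admin", "sysadmin", "administrator", "dbo", "guest"}


def check_account_name(name, account_type="standard", reserved=RESERVED_SUBSET):
    """Return a list of rule violations; an empty list means the name passes."""
    problems = []
    if not 2 <= len(name) <= 64:
        problems.append("length must be 2 to 64 characters")
    if not ACCOUNT_RE.fullmatch(name):
        problems.append("use a-z, 0-9, _; start with a letter; end with a letter or digit")
    # The page applies the reserved-name list to the system admin account.
    if account_type == "sysadmin" and name in reserved:
        problems.append("reserved name for the system admin account")
    return problems


def check_password(password):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("length must be 8 to 32 characters")
    kinds = [set(string.ascii_uppercase), set(string.ascii_lowercase),
             set(string.digits), SPECIALS]
    used = set(password)
    if sum(1 for chars in kinds if chars & used) < 3:
        problems.append("needs three of: uppercase, lowercase, digits, special characters")
    # Interpretation: anything outside letters, digits and the listed specials is rejected.
    bad = sorted(used - set().union(*kinds))
    if bad:
        problems.append("characters outside the documented set: " + "".join(bad))
    return problems
```
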