This topic describes how to create a database and account on an RDS for MariaDB instance.

Account types

ApsaraDB RDS for MariaDB supports privileged and standard database accounts. You can manage all accounts and databases in the ApsaraDB for RDS console.
Account type Description
Privileged account
  • You can create and manage a privileged account by using the ApsaraDB for RDS console or APIs.
  • You can create only one privileged account on each RDS instance. The privileged account can be used to manage all standard accounts and databases on the instance.
  • A privileged account allows you to manage permissions to a fine level. For example, you can grant each standard account the permissions to query specific tables.
  • A privileged account has all permissions on databases created on the instance.
  • A privileged account has permissions to disconnect all standard accounts on the instance.
Standard account
  • You can create and manage standard accounts by using the ApsaraDB for RDS console, APIs, or SQL statements.
  • You can create more than one standard account on each instance. The maximum number of standard accounts varies based on the database engine of the instance.
  • You must manually grant standard accounts the permissions on specific databases.
  • You cannot use a standard account to create, manage, or disconnect other accounts from databases.

Create a privileged account

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. In the Create Account pane, configure the following parameters.
    Parameter Description
    Database Account

    Enter the account name. The account name must meet the following requirements:

    • Starts with a letter and ends with a letter or digit.
    • Contains lowercase letters, digits, or underscores (_).
    • Must be 2 to 16 characters in length.
    Note If the name of the privileged account is the same as that of an existing standard account, the privileged account replaces the standard account.
    Account Type Select Privileged Account.
    Password

    Enter the account password. The password must meet the following requirements:

    • Must be 8 to 32 characters in length.
    • Contains at least three of the following character types: uppercase letters, lowercase letters, digits,
    • Special characters include ! @ # $ % ^ & * ( ) _ + - =
    Confirm Password Enter the account password again.
    Description Enter a description that helps identify the account. The description can be up to 256 characters in length.
  7. Click OK.

Reset permissions of the privileged account

If the privileged account of your RDS instance encounters exceptions, for example, its permissions are revoked by accident, follow these steps to reset the permissions:

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Find the privileged account, and click Reset Permissions in the Actions column.
  6. Enter the password of the privileged account to reset its permissions.

Create a standard account

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Account.
  6. In the Create Account pane, configure the following parameters.
    Parameter Description
    Database Account

    Enter the account name. The account name must meet the following requirements:

    • Starts with a letter and ends with a letter or digit.
    • Contains lowercase letters, digits, or underscores (_).
    • Must be 2 to 16 characters in length.
    Account Type Select Standard Account.
    Authorized Databases Select one or more databases on which you want to grant permissions to the account. You can leave this parameter empty and grant account permissions on specific databases when you create the databases.
    1. Select one or more databases from the Unauthorized Databases box and click the right arrow to add them to the Authorized Databases box.
    2. In the Authorized Databases box, select Read/Write, Read-only, DDL Only, or DML Only for each authorized database.

      If you want to grant the same permissions on multiple authorized databases at a time, select the authorized databases and click the button in the upper-right corner. For example, click Set All to Read/Write.

      Note The button in the upper-right corner changes after you click it. For example, after you click Set All to Read/Write, the button changes to Set All to Read-only.
    Password

    Enter the account password. The password must meet the following requirements:

    • Must be 8 to 32 characters in length.
    • Contains at least three of the following character types: uppercase letters, lowercase letters, digits,
    • Special characters include ! @ # $ % ^ & * ( ) _ + - =
    Confirm Password Enter the account password again.
    Description Optional. Enter a description that helps identify the account. The description can be up to 256 characters in length.
  7. Click OK.

Create a database

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Databases.
  5. Click Create Database.
  6. Configure the following parameters.
    Parameter Description
    Database Name
    • The database name must start with a letter and end with a letter or digit.
    • The database name can contain lowercase letters, digits, underscores (_), and hyphens (-).
    • The database name must be 2 to 64 characters in length.
    Supported Character Set The character set that is supported by the database.
    Authorized Account Select one or more accounts that require access to the database. You can leave this parameter empty and configure account permissions after you create the database.
    Note Only standard accounts are available in the drop-down list. The privileged account has all permissions on all databases without authorization.
    Account Type Select the permissions that you want to grant to the selected accounts. You can select Read/Write, Read-only, DDL Only, or DML Only.
    Description Optional. Enter information that helps identify the database. The description can be up to 256 characters in length.
  7. Click Create.

Related operations

Operation Description
CreateAccount Creates an account.
CreateDatabase Creates a database.