After you enable the three-role mode for your PolarDB-X instance, the privileged account becomes the database administrator (DBA) account. You must create a security administrator (DSA) account and a data audit administrator (DAA) account. The DBA, DSA, and DAA accounts are granted different permissions. When you perform an operation on your database, you must enter the password of the account that is granted the required permissions for this operation. This topic describes the operations that require permission verification and how you can be authorized to perform the operations.

Operations that require the permissions of the DBA account

Disable the three-role mode. If you want to disable the three-role mode, you must enter the password of the DBA account. The username and password of the DBA account are the same as those of the privileged account in the default mode. For more information about how to disable the three-role mode, see Disable the three-role mode.

Operations that require the permissions of the DSA account

You are required to enter the password of the DSA account when you are performing the following operations:
  • Delete a standard account.
  • Update the permissions that are granted to a standard account.
  • Change the password of a standard account.
  • Authorize a standard account to access a database when you are creating the database.

This section describes the procedure to delete a standard account.

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instance List page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Configuration and management > Account Management.
  6. On the Account Management page, find the standard account that you want to delete and click Delete in the Operation column.
  7. In the message that appears, click OK.
  8. In the Account authorization confirmation dialog box that appears, enter the password of the DSA account and click OK.

Operations that require the permissions of the DAA account

View audit logs. When you open the SQL audit and analysis page to view the audit logs, you must enter the password of the DAA account.

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instance List page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Diagnosis and optimization > SQL audit and analysis.
  6. In the Audit authority confirmation dialog box that appears, enter the password of the DAA account and click OK.