Hologres is deeply integrated with the Alibaba Cloud account system. Hologres users are authenticated by using Alibaba Cloud accounts. This topic describes the Alibaba Cloud account system that is used in Hologres.

Account management

Hologres is deeply integrated with the Alibaba Cloud account system. Hologres accounts include Alibaba Cloud accounts and RAM users, as described in the following table. To grant permissions on a Hologres instance to Alibaba Cloud accounts and RAM users, you must use their login accounts or account IDs. For more information, see Login accounts and Account IDs.
Account type Description
Alibaba Cloud account Alibaba Cloud accounts are used to create and manage Hologres instances. For example, you can use your Alibaba Cloud account to log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to subscription, and grant permissions on objects to other users.
RAM user After you create a RAM user by using your Alibaba Cloud account and grant permissions to the RAM user, the RAM user can create and manage Hologres instances within the scope of the granted permissions. For example, the RAM user can log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to subscription, and grant permissions on objects to other users.

RAM users are subordinate to Alibaba Cloud accounts and do not actually own resources. All resources belong only to Alibaba Cloud accounts.

Custom accounts You can use a custom account to perform operations on databases within the scope of the granted permissions. For example, you can use a custom account to create or delete databases, tables, and views, and connect to databases.

Login accounts

When you grant permissions to an Alibaba Cloud account or a RAM user, you must use the login account of the Alibaba Cloud account. You can obtain the login account on the Security Settings page of the Account Center. Obtain the logon account
  • When you grant permissions to an Alibaba Cloud account, the full expression of the Alibaba Cloud account must contain the login account, as described in the following table.
    Account format Description Example
    ALIYUN$<Login Account>@aliyun.com <Login Account>: the login account of the Alibaba Cloud account. ALIYUN$company@aliyun.com
    <Login Account>@aliyun.com company@aliyun.com
  • When you grant permissions to a RAM user, the full expression of the RAM user must contain the login account of the Alibaba Cloud account to which the RAM user belongs, as described in the following table.
    Account format Description Example
    <subUserName>@<Login Account>.onaliyun.com The account formats contain the following parameters:
    • <subUserName>: the name of the RAM user.
    • <Login Account>: the login account of the Alibaba Cloud account.
    • <AccountID>: the account ID of the Alibaba Cloud account.
    holouser@company.onaliyun.com
    <subUserName>@<Login Account> holouser@company
    <subUserName>@<Account ID>.onaliyun.com holouser@123456789xxxx
    RAM$<subUserName> RAM$holo_test
    RAM$<Login Account>:<subUserName> RAM$company:holouser
    RAM$<Account ID>:<subUserName> RAM$123456789xxxx:holouser
    <subUserName>@<Account ID> holouser@123456789xxxx

Account IDs

An account ID is a string of digits. Example: 189813715xxxx. You can obtain the account ID on the Security Settings page of the Account Center. 725
The account ID of a RAM user is the UID of the RAM user. You can obtain the UID on the user details page in the Resource Access Management (RAM) console. When you grant permissions to a RAM user by using its UID in Hologres, the UID must be in the p4_UID format. Example: p4_12333388xxx. 726
The following sample statements show how to grant permissions to users in Hologres by using account IDs:
create USER "189813715xxxx"; // Authorize the user whose Alibaba Cloud account ID is 189813715xxxx to connect to Hologres. 
create USER "p4_12333388xxx" superuser;// Assign the superuser role to the RAM user whose UID is 12333388xxx. 
You can execute the following statement in Hologres to view your account ID:
SELECT current_user;

AccessKey ID and AccessKey secret

The AccessKey ID and AccessKey secret are issued by Alibaba Cloud for you to connect to Hologres instances. The AccessKey ID is similar to a login account, and the AccessKey secret is similar to a login password. You can view the AccessKey ID and AccessKey secret on the Security Management page of the User Management console.

The AccessKey ID and AccessKey secret are access credentials that are issued by Alibaba Cloud. They have a validity period. If the AccessKey ID and AccessKey secret expire, you can create another AccessKey pair. For more information, see Create an Alibaba Cloud account.

When you use tools such as the PostgreSQL client or a JDBC client to connect to a Hologres instance, you must enter your AccessKey ID and AccessKey secret as the username and password.