Hologres is deeply integrated with the Alibaba Cloud account system. Hologres users are authenticated by using Alibaba Cloud accounts. This topic describes the Alibaba Cloud account system that is used in Hologres.
Account management
| Account type | Description |
|---|---|
| Alibaba Cloud account | Alibaba Cloud accounts are used to create and manage Hologres instances. For example, you can use your Alibaba Cloud account to log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to subscription, and grant permissions on objects to other users. |
| RAM user | After you create a RAM user by using your Alibaba Cloud account and grant permissions
to the RAM user, the RAM user can create and manage Hologres instances within the
scope of the granted permissions. For example, the RAM user can log on to the Hologres console, create a database, change the billing method of an instance from pay-as-you-go to
subscription, and grant permissions on objects to other users.
RAM users are subordinate to Alibaba Cloud accounts and do not actually own resources. All resources belong only to Alibaba Cloud accounts. |
| Custom accounts | You can use a custom account to perform operations on databases within the scope of the granted permissions. For example, you can use a custom account to create or delete databases, tables, and views, and connect to databases. |
Login accounts
- When you grant permissions to an Alibaba Cloud account, the full expression of the
Alibaba Cloud account must contain the login account, as described in the following
table.
Account format Description Example ALIYUN$<Login Account>@aliyun.com <Login Account>: the login account of the Alibaba Cloud account. ALIYUN$company@aliyun.com <Login Account>@aliyun.com company@aliyun.com - When you grant permissions to a RAM user, the full expression of the RAM user must
contain the login account of the Alibaba Cloud account to which the RAM user belongs,
as described in the following table.
Account format Description Example <subUserName>@<Login Account>.onaliyun.com The account formats contain the following parameters: - <subUserName>: the name of the RAM user.
- <Login Account>: the login account of the Alibaba Cloud account.
- <AccountID>: the account ID of the Alibaba Cloud account.
holouser@company.onaliyun.com <subUserName>@<Login Account> holouser@company <subUserName>@<Account ID>.onaliyun.com holouser@123456789xxxx RAM$<subUserName> RAM$holo_test RAM$<Login Account>:<subUserName> RAM$company:holouser RAM$<Account ID>:<subUserName> RAM$123456789xxxx:holouser <subUserName>@<Account ID> holouser@123456789xxxx
Account IDs
189813715xxxx. You can obtain the account ID on the Security Settings page of the Account Center. 
p4_UID format. Example: p4_12333388xxx. 
create USER "189813715xxxx"; // Authorize the user whose Alibaba Cloud account ID is 189813715xxxx to connect to Hologres.
create USER "p4_12333388xxx" superuser;// Assign the superuser role to the RAM user whose UID is 12333388xxx. SELECT current_user;AccessKey ID and AccessKey secret
The AccessKey ID and AccessKey secret are issued by Alibaba Cloud for you to connect to Hologres instances. The AccessKey ID is similar to a login account, and the AccessKey secret is similar to a login password. You can view the AccessKey ID and AccessKey secret on the Security Management page of the User Management console.
The AccessKey ID and AccessKey secret are access credentials that are issued by Alibaba Cloud. They have a validity period. If the AccessKey ID and AccessKey secret expire, you can create another AccessKey pair. For more information, see Create an Alibaba Cloud account.
When you use tools such as the PostgreSQL client or a JDBC client to connect to a Hologres instance, you must enter your AccessKey ID and AccessKey secret as the username and password.