Manage database accounts for a cluster - PolarDB for MySQL

Background information

PolarDB for MySQL supports two types of accounts: privileged account and standard account. You can manage all accounts and databases in the PolarDB console.

Precautions

To ensure data security, you cannot create and use a root account in PolarDB.
If you execute the UPDATE or INSERT statement to modify permission tables in a MySQL database to change the password or permissions of an account, data cannot be synchronized to read-only nodes. We recommend that you use the following methods to change the password or permissions:
- Use the PolarDB console to change the password or permissions. For more information, see Change the password of an account.
- Use the command-line interface (CLI) to change the password or permissions as a privileged user. For more information, see Run commands to change the password or permissions of an account.

Create a database account

For more information, see Create a database account.

Change the password of an account

Log on to the PolarDB console.
In the upper-left corner of the console, select the region where the cluster that you want to manage is deployed.
Find the cluster that you want to manage and click the cluster ID.
In the left-side navigation pane, choose Settings and Management > Accounts.
Find the target account and click Change Password in the Actions column.
In the dialog box that appears, enter and confirm the new password, and click OK.

Reset permissions of the privileged account

If an issue occurs on the privileged account, for example, permissions are unexpectedly revoked, you can enter the password of the privileged account to reset permissions.

Log on to the PolarDB console.
In the upper-left corner of the console, select the region where the cluster that you want to manage is deployed.
Find the cluster that you want to manage and click the cluster ID.
In the left-side navigation pane, choose Settings and Management > Accounts.
Find the target account and click Reset Permissions in the Actions column.
In the dialog box that appears, click OK .

Modify the permissions of a standard account

Log on to the PolarDB console.
In the upper-left corner of the console, select the region where the cluster that you want to manage is deployed.
Find the cluster that you want to manage and click the cluster ID.
In the left-side navigation pane, choose Settings and Management > Accounts.
Find the target account and click Modify Permissions in the Actions column.
In the dialog box that appears, modify permissions of authorized databases and unauthorized databases, and click OK.

Delete an account

Log on to the PolarDB console.
In the upper-left corner of the console, select the region where the cluster that you want to manage is deployed.
Find the cluster that you want to manage and click the cluster ID.
In the left-side navigation pane, choose Settings and Management > Accounts.
Find the target account and click Delete in the Actions column.
In the dialog box that appears, click OK.

Run commands to change the password or permissions of an account

You can log on to the cluster with the privileged account and run the following command to change the password of an account:

PolarDB for MySQL 8.0:

ALTER USER {username} IDENTIFIED BY '{password}'


Parameter	Description
username	The account for which you want to change the password.
password	The password of the account.

PolarDB for MySQL 5.6 or 5.7:

SET PASSWORD FOR 'username'@'host' = PASSWORD('password')


Parameter	Description
username	The account for which you want to change the password.
host	The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
password	The password of the account.

You can log on to the cluster with the privileged account and run the following command to change permissions of an account:

GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;


Parameter	Description
privileges	The operations that are granted to the account, such as SELECT, INSERT, and UPDATE. If you set this parameter to ALL, you can manage all databases.
databasename	The name of the database. If you set this parameter to an asterisk (*), the account can be used to manage all databases.
tablename	The name of a table. If you set this parameter to an asterisk (*), the account can be used to manage all tables.
username	The account to be authorized.
host	The host from which the account can be used to log on to the database. If you set this parameter to a percent sign (%), you can log on to the database from all hosts by using the account.
WITH GRANT OPTION	Grants the GRANT command permissions to the account. This parameter is optional.

Related operations


API	Description
CreateAccount	Creates an account for a specified cluster.
DescribeAccounts	Queries the accounts of a specified cluster.
ModifyAccountDescription	Modifies the description of an account for a specified cluster.
ModifyAccountPassword	Changes the password of an account for a specified cluster.
GrantAccountPrivilege	Grants access permissions on one or more databases in a specified cluster to an account.
RevokeAccountPrivilege	Revokes access permissions on one or more databases from an account for a specified cluster.
ResetAccount	Resets permissions of an account.
DeleteAccount	Deletes an account.