You can enable and disable the three-role mode in the PolarDB-X console. After you enable the three-role mode for your PolarDB-X instance, the privileged account is selected as the database administrator (DBA) account, and you must create a security administrator (DSA) account and a data audit administrator (DAA) account. This topic describes how to enable and disable the three-role mode.

Enable the three-role mode

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instance List page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Configuration and management > Safety management.
  6. Click the Account powers tab. In the upper-left corner of the page that appears, turn on the switch next to Current account security mode.
    Note Create the privileged account before you enable the three-role mode. For more information about how to create a privileged account, see Create an account.
  7. In the Create account panel, configure the parameters.
    Parameter Description
    Account name The name of the account.
    Note The name of the account must meet the following requirements:
    • The name can be up to 16 characters in length and can contain lowercase letters, digits, and underscores (_).
    • The name must start with a lowercase letter and end with a lowercase letter or digit.
    • The name must be unique.
    Account type The type of the account. The value is fixed to Security administrator account.
    Password The password of the account.
    Note The password of the account must meet the following requirements:
    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password can contain the following special characters:

      @#$%^&+=

    Confirm password The password of the account. Enter the password again to confirm the password.
    Descr The information that can help you manage the account. The account description must be 0 to 256 characters in length.
  8. Click Next Step and configure the parameters.
    Parameter Description
    Account name The name of the account.
    Note The name of the account must meet the following requirements:
    • The name can be up to 16 characters in length and can contain lowercase letters, digits, and underscores (_).
    • The name must start with a lowercase letter and end with a lowercase letter or digit.
    • The name must be unique.
    Account type The type of the account. The value is fixed to Audit administrator account.
    Password The password of the account.
    Note The password of the account must meet the following requirements:
    • The password must be 8 to 32 characters in length.
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password can contain the following special characters:

      @#$%^&+=

    Confirm password The password of the account. Enter the password again to confirm the password.
    Descr The information that can help you manage the account. The account description must be 0 to 256 characters in length.
  9. Click OK.
    Note Approximately 3s to 5s are required for the new configuration to take effect.

Disable the three-role mode

  1. Log on to the PolarDB-X console.
  2. In the top navigation bar, select the region where the target instance is located.
  3. On the Instance List page, click the PolarDB-X 2.0 tab.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Configuration and management > Safety management.
  6. Click the Account powers tab. On the top of the page that appears, turn off the switch next to Current account security mode.
  7. In the message that appears, click OK.
  8. In the Password verification of high-privilege account dialog box that appears, enter the password of the privileged account and click OK.
    Note Approximately 3s to 5s are required for the new configuration to take effect.