This topic describes how to create PolarDB for MySQL accounts and explains the differences between privileged accounts and standard accounts.
Background information
You can create and manage privileged accounts and standard accounts in the PolarDB for MySQL console.
Note To avoid security risks, PolarDB for MySQL does not provide root accounts.
| Account type | Description |
| Privileged Account |
|
| Standard Account |
|
Create a privileged account
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
- In the left-side navigation pane, choose .
- Click Create Account.
- In the Create Account panel, specify the following parameters. The following table describes the parameters.
Parameter Description Account Name Enter the username of the account. The username must meet the following requirements:
- It must start with a lowercase letter and end with a letter or a digit.
- It can contain lowercase letters, digits, and underscores (_).
- It must be 2 to 32 characters in length.
- It cannot be root, admin, or another username that is reserved by the system.
Account Type Specify the type of the account. Select Privileged Account. Note If you have already created a privileged account, you cannot select Privileged Account. You can create only one privileged account for each cluster.Password Enter a password for the account. The password must meet the following requirements: - It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- It must be 8 to 32 characters in length.
- It can contain the following special characters:
!@#$%^&*()_+-=
Confirm Password Enter the logon password again. Description The information that can help you manage the account. It must meet the following requirements: - It cannot start with
http://orhttps://. - It must be 2 to 256 characters in length.
- Click OK.
Create a standard account
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
- In the left-side navigation pane, choose .
- Click Create Account.
- In the Create Account panel, specify the following parameters.
Parameter Description Account Name Enter the username of the account. The username must meet the following requirements:
- It must start with a lowercase letter and end with a letter or a digit.
- It can contain lowercase letters, digits, and underscores (_).
- It must be 2 to 32 characters in length.
- It cannot be root, admin, or another username that is reserved by the system.
Account Type Specify the type of the account. Select Standard Account. Authorized Databases You can grant permissions on one or more databases to the account. You can leave this parameter empty. You can grant the account the database permissions after the account is created. - Select one or more databases from the Unauthorized Database list and click the
icon. Then, the selected databases are added to the Authorized Database list. - In the Authorized Database list, specify the permissions on the selected databases. To specify the permissions, select one of the following options: Read/Write, Read-only, DML Only, DDL Only, and Read-only + Index.
Note If you need to customize the permissions or grant the account specific table permissions, click Customize Permissions below the Unauthorized Database list. On the page that appears, you can use the permission management feature of Database Management Service (DMS) to manage the account permissions. For more information, see Manage user permissions on MySQL databases.Password Enter a password for the account. The password must meet the following requirements: - It must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- It must be 8 to 32 characters in length.
- It can contain the following special characters:
!@#$%^&*()_+-=
Confirm Password Enter the logon password again. Description The information that can help you manage the account. It must meet the following requirements: - It cannot start with
http://orhttps://. - It must be 2 to 256 characters in length.
- Click OK.
Reset the permissions of a privileged account
If the permissions of a privileged account are accidentally revoked or encounter other exceptions, you can reset the permissions to restore the privileged account to the initial state. To reset the permissions of the account, perform the following steps:
- Log on to the PolarDB console.
- In the upper-left corner of the console, select the region in which the cluster that you want to manage is deployed.
- Find the cluster and click the cluster ID.
- In the left-side navigation pane, choose .
- On the page that appears, find the privileged account that you want to manage. In the Actions column for the privileged account, click Reset Permissions
- In the dialog box that appears, enter the password of the privileged account. Then, click OK to reset the permissions of the account.
What to do next
Related operations
| API | Description |
| CreateAccount | Creates an account. |
| DescribeAccounts | Queries the accounts of a specified cluster. |
| ModifyAccountDescription | Modifies the description of a database account for a PolarDB cluster. |
| ModifyAccountPassword | Changes the password of a database account. |
| GrantAccountPrivilege | Grants a specified standard account the permissions on one or more databases of a specified PolarDB cluster. |
| RevokeAccountPrivilege | Revokes the permissions on one or more databases from a specified PolarDB standard account. |
| ResetAccount | Resets the permissions of a privileged account for a specified PolarDB cluster. |