All Products
Search
Document Center

PolarDB:Multi-tenant management

Last Updated:Jun 21, 2026

PolarDB for MySQL provides a multi-tenant mode that allows multiple tenants to share computing and storage resources within a single cluster. This mode guarantees data and resource isolation between tenants. This isolation prevents resource contention and ensures operational stability.

How it works

image
Note

Although the system tenant, regular tenant A, and regular tenant B each contain a database named DB_1 and a user named user_1, these are distinct entities that only share the same name.

Key concepts

Tenant: A tenant resides below the database cluster level and above the database and user level. Tenants are classified as either a system tenant or a regular tenant.

  • System tenant: The system tenant is designed to support existing users and databases for backward compatibility. Pre-existing databases and users in a cluster belong to the system tenant by default. A user from the system tenant can access the databases of all tenants, provided they have the necessary permissions.

  • Regular tenant: A regular tenant must be created under the system tenant. Databases and users are completely isolated between regular tenants. Regular tenants also cannot access databases that belong to the system tenant. For CPU resource scheduling, regular tenants are classified as an exclusive tenant or a shared tenant based on whether the value of min_cpu is greater than 0.

    • Exclusive tenant: min_cpu > 0. The system guarantees that the CPU resources for this tenant will not fall below the min_cpu value at any time.

    • Shared tenant: The min_cpu value is 0.

    You can convert between an exclusive tenant and a shared tenant by adjusting the value of the min_cpu parameter.

Resource configuration: A resource configuration defines the resources that a tenant can use, enabling resource isolation and scheduling among tenants. Currently, only CPU resources can be isolated and scheduled.

Prerequisites

To enable the multi-tenant mode, your cluster must meet the following requirements:

The database engine is MySQL 8.0.2 or later, the database edition is Enterprise Edition, the Edition is Cluster Edition, and all cluster nodes must have identical specifications.

Note

The multi-tenant mode is currently in canary release. To enable this feature, contact technical support through the specified DingTalk group. After the feature is enabled, you must restart the target cluster for the changes to take effect.

DingTalk group number: 59535005981.

Limitations

  • Binlog synchronization for tenants is not supported.

  • Partial permission revocation is not supported.

Quick start

  1. Enable standalone multi-tenant mode.

    Note

    The multi-tenant mode is currently in canary release. To enable this feature, contact technical support through the specified DingTalk group. After the feature is enabled, you must restart the target cluster for the changes to take effect.

    DingTalk group number: 59535005981.

  2. Connect to the database using a privileged account.

  3. Create resource configurations r1 and r2.

    CREATE resource_config r1 min_cpu 1 max_cpu 2;
    CREATE resource_config r2 min_cpu 1 max_cpu 4;
    Note
    • Set the min_cpu and max_cpu values based on the node specifications of your cluster.

    • The min_cpu value for any tenant cannot exceed the number of cores on a cluster node minus one. You must reserve at least one core for the system tenant. Otherwise, binding the tenant to the resource configuration will fail during tenant creation.

  4. Create tenants tn1 and tn2. When you create the tenants, you must bind them to the resource configurations that you created.

    CREATE tenant tn1 resource_config r1;
    CREATE tenant tn2 resource_config r2;
    Note

    Ensure that the sum of the min_cpu values from the resource configurations of all tenants does not exceed the number of cores on a cluster node minus one.

  5. Create users u1 and u2, and databases db1 and db2.

    -- Create user u1 in tenant tn1.
    CREATE USER 'u1@tn1' IDENTIFIED BY 'password';
    -- Create database db1 in tenant tn1.
    CREATE DATABASE `db1@tn1`;
    -- Create user u2 in tenant tn2.
    CREATE USER 'u2@tn2' IDENTIFIED BY 'password';
    -- Create database db2 in tenant tn2.
    CREATE DATABASE `db2@tn2`;
    Note

    When using a privileged account to create a user or database, you must append the @<tenant_name> suffix to the username or database name.

  6. Grant permissions to users u1 and u2.

    -- Grant permissions on tenant tn1 to user u1.
    GRANT ALL PRIVILEGES ON `%@tn1`.* TO 'u1@tn1'@'%' WITH GRANT OPTION;
    -- Grant permissions on tenant tn2 to user u2.
    GRANT ALL PRIVILEGES ON `%@tn2`.* TO 'u2@tn2'@'%' WITH GRANT OPTION;
  7. You can use the users u1@tn1 and u2@tn2 to verify the data and resource isolation between tenants.

  8. (Optional) View the tenants, users, and databases that you created.

    • Tenants: Connect to the database using a privileged account and run the SELECT statement to view tenants. Example:

      SELECT * FROM mysql.tenants;
    • Users: Go to the PolarDB console and open Settings and Management > Account Management.

      • Users with an Username that does not have the @ suffix belong to the system tenant.

      • Users with an Username that has the @ suffix belong to the corresponding regular tenant.

    • Databases: Go to the PolarDB console and open Settings and Management > Databases.

      • Databases with a Database Name that does not have the @ suffix belong to the system tenant.

      • Databases with a Database Name that has the @ suffix belong to the corresponding regular tenant.

Features

Standalone multi-tenant mode

Note

The multi-tenant mode is currently in canary release. To enable this feature, contact technical support through the specified DingTalk group. After the feature is enabled, you must restart the target cluster for the changes to take effect.

DingTalk group number: 59535005981.

Enable data isolation

To enable data isolation, set the enable_multi_tenant parameter to ON.

Enable resource isolation

To enable resource isolation, you must first enable data isolation. Set the enable_multi_tenant, thread_pool_multi_tenant_enabled, and thread_pool_enabled parameters to ON. You must also ensure that the thread_pool_size parameter value matches the number of cores on the target cluster's nodes.

  • View node specifications:

    On the Basic Information page of your cluster, you can view the cluster's node specifications in the Database Nodes section.

    The card for each node, such as the primary node or a read-only node, displays its current specifications, such as 8 Cores 32 GB.

  • Set parameters:

    • To enable the enable_multi_tenant and thread_pool_multi_tenant_enabled parameters, contact technical support.

    • To modify the thread_pool_enabled and thread_pool_size parameters, go to the Settings and Management > Parameters page in the PolarDB console. For more information, see Set cluster and node parameters.

Resource management

The standalone multi-tenant mode in PolarDB for MySQL supports only CPU resource isolation. When you create a resource configuration, you can specify CPU limits by using the min_cpu and max_cpu parameters. When you bind this resource configuration to a tenant, it limits the CPU resources available to that tenant's user connections.

Create resource configuration

Connect to the database using a privileged account and run the CREATE statement to create a resource configuration.

Syntax:

CREATE resource_config <resource_config_name> min_cpu <min_cpu> max_cpu <max_cpu>;

Example:

CREATE resource_config r1 min_cpu 0 max_cpu 1;
CREATE resource_config r2 min_cpu 1 max_cpu 4;
Note
  • Set the min_cpu and max_cpu values based on the node specifications of your cluster.

  • When you create a resource configuration, the system does not check the configuration against the cluster node specifications. This check occurs only when a tenant is bound to the resource configuration.

  • The min_cpu value for any tenant cannot exceed the number of cores on a cluster node minus one. You must reserve at least one core for the system tenant. Otherwise, binding the tenant to the resource configuration will fail during tenant creation.

  • The resources available to users of the system tenant are the total CPU resources minus the CPU resources reserved for all exclusive tenants.

View resource configurations

Connect to the database using a privileged account and run the SELECT statement to view resource configurations.

Example:

SELECT * FROM mysql.tenant_resource_config;
+----------------------+-------------------------+-------------------------+
| resource_config_name | resource_config_min_cpu | resource_config_max_cpu |
+----------------------+-------------------------+-------------------------+
| r1                   |                       0 |                       1 |
| r2                   |                       1 |                       4 |
+----------------------+-------------------------+-------------------------+

Modify resource configuration

Connect to the database using a privileged account and run the ALTER statement to modify a resource configuration.

Syntax:

ALTER resource_config <resource_config_name> min_cpu <min_cpu> max_cpu <max_cpu>;

Example:

ALTER resource_config r2 min_cpu 1 max_cpu 2;
Note
  • You cannot update a resource configuration that is currently in use by a tenant.

  • Set the min_cpu and max_cpu values based on the node specifications of your cluster.

  • When you create a resource configuration, the system does not check the configuration against the cluster node specifications. This check occurs only when a tenant is bound to the resource configuration.

  • The min_cpu value for any tenant cannot exceed the number of cores on a cluster node minus one. You must reserve at least one core for the system tenant. Otherwise, binding the tenant to the resource configuration will fail during tenant creation.

  • The resources available to users of the system tenant are the total CPU resources minus the CPU resources reserved for all exclusive tenants.

Delete resource configuration

Connect to the database using a privileged account and run the DROP statement to delete a resource configuration.

Syntax:

DROP resource_config <resource_config_name>;

Example:

DROP resource_config r1;
Note

You cannot delete a resource configuration that is currently in use by a tenant.

Tenant management

Tenants are classified as system tenants or regular tenants. The system tenant is designed for backward compatibility with existing users and does not require management operations. This section describes how to manage regular tenants.

Create tenant

Connect to the database using a privileged account and run the CREATE statement to create a new tenant.

Syntax:

CREATE tenant <tenant_name> resource_config <resource_config_name>;

Example:

CREATE tenant tn1 resource_config r1;
Note
  • A tenant name can be up to 10 characters long and can contain uppercase letters, lowercase letters, digits, and underscores (_).

  • Ensure that the sum of the min_cpu values from the resource configurations of all tenants does not exceed the number of cores on a cluster node minus one.

View tenants

Connect to the database using a privileged account and run the SELECT statement to view tenants.

Example:

SELECT * FROM mysql.tenants;
+-------------+----------------------+
| tenant_name | resource_config_name |
+-------------+----------------------+
| tn1         | r1                   |
+-------------+----------------------+

Modify tenant

Connect to the database using a privileged account and run the ALTER statement to modify a tenant.

Syntax:

ALTER tenant <tenant_name> resource_config <resource_config_name>;

Example:

ALTER tenant tn1 resource_config r2;
Note
  • A tenant name can be up to 10 characters long and can contain uppercase letters, lowercase letters, digits, and underscores (_).

  • Ensure that the sum of the min_cpu values from the resource configurations of all tenants does not exceed the number of cores on a cluster node minus one.

Delete tenant

Connect to the database using a privileged account and run the DROP statement to delete a tenant.

Syntax:

DROP tenant <tenant_name>;

Example:

DROP tenant tn1;
Note
  • Before deleting a tenant, ensure that you have deleted all databases within it. Otherwise, the operation will fail.

  • When you delete a tenant, all users associated with that tenant are automatically deleted. Proceed with caution.

User management

Users are classified as users of the system tenant or users of a regular tenant. Users of the system tenant are managed in the same way as in a non-multi-tenant environment. For more information, see Account management. This section describes how to manage users of a regular tenant.

You can perform management operations from within either the system tenant or a regular tenant.

Note
  • When you create or delete a user from within the system tenant, you must specify the username in the '<user_name>@<tenant_name>' format.

  • In standalone multi-tenant mode, usernames are limited to 20 characters and can contain only uppercase letters, lowercase letters, digits, and underscores (_).

  • The following users cannot be created within a tenant:

    • replicator

    • root

    • mysql.infoschema

    • mysql.session

    • mysql.sys

    • aurora

    • aliyun_root

  • Users of a tenant cannot be granted permissions on the __recycle_bin__, mysql, performance_schema, or sys databases.

From the system tenant

From within the system tenant, you can use a privileged account to create and delete users within a regular tenant.

Create user

Connect to the database using a privileged account and run the CREATE statement to create a user in a regular tenant.

Syntax:

CREATE USER '@' [IDENTIFIED BY ''];

Example:

-- Without a password
CREATE USER 'u1@tn1';
-- With a password
CREATE USER 'u1@tn1' IDENTIFIED BY 'password';

Delete user

Connect to the database using a privileged account and run the DROP statement to delete a user from a regular tenant.

Syntax:

DROP USER '@';

Example:

DROP USER 'u1@tn1';

Grant permissions

Connect to the database using a privileged account to grant permissions to a user of a regular tenant.

  • Grant tenant-level permissions. After these permissions are granted, the user can access all databases within that tenant.

    Example: Grant permissions on tenant tn1 to user u1.

    GRANT ALL PRIVILEGES ON `%@tn1`.* to 'u1@tn1'@'%' WITH GRANT OPTION;
  • Grant the CREATE USER permission. After this permission is granted, the user can create other users within the current tenant.

    Example: Grant the CREATE USER permission to user u1.

    GRANT CREATE USER ON *.* TO 'u1@tn1'@'%';
  • View the permissions granted to a user.

    Example: View the permissions of user u1.

    SHOW GRANTS FOR 'u1@tn1';
    +---------------------------------------------------------------------+
    | Grants for u1@tn1@%                                                 |
    +---------------------------------------------------------------------+
    | GRANT CREATE USER ON *.* TO `u1@tn1`@`%`                            |
    | GRANT ALL PRIVILEGES ON `%@tn1`.* TO `u1@tn1`@`%` WITH GRANT OPTION |
    +---------------------------------------------------------------------+

From a regular tenant

A user within a regular tenant can create and delete other users in the same tenant, provided they have the CREATE USER permission. For information about how to grant this permission, see User Management.

Create user

Connect to the database as a user of the tenant, and then run the CREATE statement to create a new user in the current tenant. For information about how to create a user for a tenant, see User Management.

Syntax:

CREATE USER '' [IDENTIFIED BY ''];

Example:

-- Without a password
CREATE USER 'u2';
-- With a password
CREATE USER 'u2' IDENTIFIED BY 'password';

Delete user

Connect to the database as a user of the tenant, and then run the DROP statement to delete a user from the current tenant.

Syntax:

DROP USER '';

Example:

DROP USER 'u2';

Grant permissions

Connect to the database by using a user of the tenant to grant permissions to another user within the same tenant.

  • Grant global permissions to a user of the current tenant.

    Syntax:

    GRANT SELECT ON *.* TO ''

    Example:

    GRANT SELECT ON *.* TO 'u2';
  • Grant database-level permissions to a user of the current tenant.

    Syntax:

    GRANT SELECT ON .* TO ''

    Example:

    GRANT SELECT ON db.* TO 'u2';
Note
  • In multi-tenant mode, mixing global and database-level grants is not supported and may cause permission checks to fail. We recommend using either global grants or database-level grants exclusively.

  • To view the permissions granted to a user, see .

Connect to a database

When connecting to the database with a client, specify the username in the format <user_name>@<tenant_name>. Once connected, the user is subject to the resource limits of their tenant.

Syntax:

mysql -h  -P  -u @ -p

Example:

mysql -h pc... -P 3306 -u u1@tn1 -p
Enter password: 

Database management

Databases are classified as databases of the system tenant or databases of a regular tenant. Databases of the system tenant are managed in the same way as in a non-multi-tenant environment. For more information, see Database management. This section describes how to manage databases of a regular tenant.

You can perform management operations from within either the system tenant or a regular tenant.

Note
  • When you create or delete a database from within the system tenant, you must specify the database name in the '<database_name>@<tenant_name>' format.

  • In standalone multi-tenant mode, database names are limited to 50 characters and can contain only uppercase letters, lowercase letters, digits, and underscores (_).

  • The following databases cannot be created within a tenant:

    • information_schema

    • performance_schema

    • mysql

    • sys

    • __recycle_bin__

    • query_rewrite

  • If you create databases with names such as dbms_ccl, dbms_outln, and dbms_consensus in a tenant, users of that tenant cannot call built-in stored procedures. In this case, you can run CALL dbms_admin.show_native_procedure(); to view all built-in stored procedures in the database.

  • If the name of a database created within a tenant is the same as a schema_name used in a built-in stored procedure, you cannot call built-in stored procedures on that database.

From the system tenant

From within the system tenant, you can use a privileged account to create and delete databases in a regular tenant.

Create database

Connect to the database using a privileged account and run the CREATE statement to create a database in a regular tenant.

Syntax:

CREATE DATABASE `@`;

Example:

CREATE DATABASE `db1@tn1`;

Delete database

Connect to the database using a privileged account and run the DROP statement to delete a database from a regular tenant.

Syntax:

DROP DATABASE `@`;

Example:

DROP DATABASE `db1@tn1`;

From a regular tenant

From within a regular tenant, you can use a user with global permissions to create and delete databases within the same tenant. For information about how to grant permissions, see User Management.

Create database

Connect to the database as a user of the tenant and run the CREATE statement to create a database for the current tenant. For information about how to create a user for a tenant, see User Management.

Syntax:

CREATE DATABASE ``;

Example:

CREATE DATABASE `db2`;

Delete database

Connect to the database as a user of the tenant and run the DROP statement to delete a database from the current tenant.

Syntax:

DROP DATABASE ``;

Example:

DROP DATABASE `db2`;

Tenant and thread bindings

  1. Connect to the database using a privileged account and run the following SQL statement to view thread group and tenant bindings:

    SELECT * FROM information_schema.thread_pool_status;
  2. Example output:

    When multi-tenant resource isolation is enabled, the query results show the exclusive tenant that is bound to the thread group. If the tenant information for a thread group is empty, that thread group is shared by multiple tenants.

    TENANT_NAME: The name of the exclusive tenant that is bound to the current thread group in the thread pool.

    +----+--------------+---------------------+----------------------+-------------------+----------------+-------------+
    | ID | THREAD_COUNT | ACTIVE_THREAD_COUNT | WAITING_THREAD_COUNT | DUMP_THREAD_COUNT |      ...       | TENANT_NAME |
    +----+--------------+---------------------+----------------------+-------------------+----------------+-------------+
    |  0 |            2 |                   0 |                    0 |                 0 |      ...       |             |
    |  1 |            2 |                   1 |                    0 |                 0 |      ...       | tn1         |
    |  2 |            4 |                   0 |                    0 |                 1 |      ...       |             |
    |  3 |            2 |                   0 |                    0 |                 0 |      ...       |             |
    |  4 |            3 |                   0 |                    0 |                 1 |      ...       |             |
    +----+--------------+---------------------+----------------------+-------------------+----------------+-------------+

View audit logs

For operations performed in multi-tenant mode, the audit logs show information about the physical database and physical user.

For example, if user u1 in tenant t2 runs an SQL statement in the db3 database, the Database column of the audit log shows db3@t2, and the Users column shows u1@t2.