PolarDB for MySQL account management - PolarDB - Alibaba Cloud Documentation Center

This topic describes the Alibaba Cloud console accounts and the PolarDB database accounts.

Console accounts

You can use the following accounts to log on to the console:

Alibaba Cloud account: This type of account allows flexible control over all your Alibaba Cloud resources and is used for billing purposes. You must create an Alibaba Cloud account before you purchase Alibaba Cloud services.
RAM user. You can create and manage RAM users in the Resource Access Management (RAM) console to share resources among multiple users. RAM users do not own resources. The charges of the resources consumed by RAM users are billed to the corresponding Alibaba Cloud account.

You can use the following accounts to log on to databases in the cluster. For more information, see Create and manage database accounts.

Account type	Description
Privileged Account	Can be created and managed only in the console. Each cluster can have only one privileged account. This account can manage all standard accounts and databases in the cluster. Can create databases and standard accounts. It can also grant a standard account permissions on a specific database, which allows the standard account to add, delete, modify, and query data in that database. Provides more permissions to meet custom and fine-grained permission management needs. For example, query permissions on different tables can be assigned to different users. Can disconnect any account.
Standard Account	Can be created and managed in the console or using SQL statements. A cluster can have multiple standard accounts. The specific number depends on the database kernel. Does not have permissions to create databases or standard accounts. Can manage only authorized databases. Cannot manage other accounts or disconnect other accounts.
Global Read-only Account	Can be created and managed in the console or using SQL statements. Cannot create or manage databases. Does not have permissions to create databases or standard accounts. Can only view databases. A cluster can have multiple global read-only accounts. By default, these accounts have read-only permissions on all data. Cannot manage other accounts or disconnect other accounts.

API	Description
CreateAccount	Creates an account.
DescribeAccounts	Queries the accounts of the specified cluster.
ModifyAccountDescription	Modifies the description of a database account for the specified PolarDB cluster.
ModifyAccountPassword	Changes the password of a database account for the specified PolarDB cluster.
GrantAccountPrivilege	Grants a specified standard account the permissions on one or more databases of the specified PolarDB cluster.
RevokeAccountPrivilege	Revokes the permissions on one or more databases from the specified PolarDB standard account.
ResetAccount	Resets the permissions of a privileged account for the specified PolarDB cluster.
DeleteAccount	Deletes an account.