Enable and disable the three-role mode - PolarDB - Alibaba Cloud Documentation Center

You can enable and disable the three-role mode in the PolarDB-X console. After you enable the three-role mode for your PolarDB-X instance, the privileged account is selected as the database administrator (DBA) account, and you must create a security administrator (DSA) account and a data audit administrator (DAA) account. This topic describes how to enable and disable the three-role mode.

Enable the three-role mode

Log on to the PolarDB for Xscale console.
In the top navigation bar, select the region where the target instance is located.
On the Instances page, click the PolarDB-X 2.0 tab.
Find the target instance and click its ID.
In the left-side navigation pane, choose Configuration Management > Security Management.
Click the Account Permissions tab. On the page that appears, turn on the Current Account Security Mode switch.
Note
Create the privileged account before you enable the three-role mode. For more information, see Create an account.

In the Create accounts for the three roles panel, configure the following parameters.

Parameter	Description
Account Name	The name of the account. Note The account name must meet the following requirements: The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit. The name must be unique.
Account Type	The value is always Security administrator account.
Password	Enter the password for the account. Note The password must meet the following requirements: The password must be 8 to 20 characters in length. The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Supported special characters: @#$%^&+=
Confirm Password	Enter the password for the account again.
Description	Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length.

Click Next and configure the following parameters.

Parameter	Description
Account Name	The name of the account. Note The account name must meet the following requirements: The name must be a maximum of 16 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit. The name must be unique.
Account Type	The value is always Audit administrator account.
Password	Enter the password for the account. Note The password must meet the following requirements: The password must be 8 to 20 characters in length. The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Supported special characters: @#$%^&+=
Confirm Password	Enter the password for the account again.
Description	Optional. The information about the account. The description helps you better manage the account later. The description must be a maximum of 256 characters in length.

Click OK.
Note
About 3 to 5 seconds are required for the new configuration to take effect.

Disable the three-role mode

Log on to the PolarDB for Xscale console.
In the top navigation bar, select the region where the target instance is located.
On the Instances page, click the PolarDB-X 2.0 tab.
Find the target instance and click its ID.
In the left-side navigation pane, choose Configuration Management > Security Management.
Click the Account Permissions tab. On the page that appears, turn off the Current Account Security Mode switch.
In the dialog box that appears, click OK.
In the Password Verification of Privileged Account dialog box that appears, enter the password of the privileged account and click OK.
Note
About 3 to 5 seconds are required for the new configuration to take effect.