All Products
Search

This Product

    PolarDB:Manage database accounts

    Document Center

    PolarDB:Manage database accounts

    Last Updated:Mar 28, 2026

    PolarDB-X supports two types of database accounts: privileged accounts and standard accounts. A newly created instance has no accounts by default. This topic describes how to create accounts and perform common account management tasks in the PolarDB-X console.

    Account types

    Account typeDescription
    Privileged accountOne privileged account is allowed per instance. It has full permissions on all databases in the instance and can close connections established by standard accounts. Create and manage it through the console or API operations. You cannot delete a privileged account after it is created.
    Standard accountMultiple standard accounts are allowed per instance (the maximum is determined by the kernel engine). Each standard account must be granted permissions on specific databases. Manage standard accounts through the console, API operations, or SQL statements. Standard accounts cannot create or manage other accounts, or close connections established by other accounts.
    Account types cannot be changed after creation. To switch an account's type, delete it and create a new account with the same username.

    Access restrictions

    • The host value of accounts created in the console is %, which allows connections from any IP address in the whitelists. To restrict access to specific hosts, use the privileged account to log in and run the CREATE USER statement:

      -- Replace <username>, <host>, and <password> with actual values
CREATE USER <username>@<host> IDENTIFIED BY '<password>';

    • To grant instance-level access to RAM users, see Create a RAM user.

    Prerequisites

    Before you begin, ensure that you have:

    Create an account

    1. Log on to the PolarDB-X console.

    2. In the top navigation bar, select the region where the instance is deployed.

    3. On the Instances page, click the PolarDB-X 2.0 tab.

    4. Find the instance and click its ID.

    5. In the left-side navigation pane, choose Configuration Management > Account Management.

    6. Click Create an account and configure the following parameters.

      ParameterDescription
      Account nameThe username for the account. Requirements: up to 16 characters; lowercase letters, digits, and underscores (_) only; must start with a lowercase letter and end with a lowercase letter or digit; must be unique.
      Account typesSelect privileged account or standard account.
      Authorization databaseThe databases the account can access. This parameter applies to standard accounts only and is optional—you can grant database permissions after the account is created. To add databases: select one or more databases in the Unauthorized database section and click the 456789 icon to move them to the Authorized database section. Then select the permissions to grant: Read and Write, Read Only, DML Only, or DDL Only. To apply the same permission to all selected databases at once, click the permission name (for example, All Read and Write) next to Authorized database.
      PasswordThe account password. Requirements: 8–20 characters; must include at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters (@ # $ % ^ & + =).
      Confirm passwordRe-enter the password to confirm.
      Descr(Optional) A description to help identify the account. Maximum 256 characters.

    7. Click OK.

    Reset the password of a database account

    1. Log on to the PolarDB-X console.

    2. In the top navigation bar, select the region where the instance is deployed.

    3. On the Instances page, click the PolarDB-X 2.0 tab.

    4. Find the instance and click its ID.

    5. In the left-side navigation pane, choose Configuration Management > Account Management.

    6. Find the account and click Change Password in the Actions column.

    7. Enter and confirm the new password, then click OK.

      The password must be 8–20 characters and include at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters (@ # $ % ^ & + =).

    Modify permissions for a standard account

    The privileged account has full permissions on all databases. Only standard account permissions can be modified.

    1. Log on to the PolarDB-X console.

    2. In the top navigation bar, select the region where the instance is deployed.

    3. On the Instances page, click the PolarDB-X 2.0 tab.

    4. Find the instance and click its ID.

    5. In the left-side navigation pane, choose Configuration Management > Account Management.

    6. Find the account and click Modify Permissions in the Actions column.

    7. In the Unauthorized database section, select one or more databases and click the 456789 icon to move them to the Authorized database section.

    8. In the Authorized database section, select the permissions to grant: Read and Write, Read Only, DML Only, or DDL Only. To apply the same permission to multiple databases at once, click the permission name (for example, All DDL Only) next to Authorized database.

    9. Click OK.

    Delete an account

    Warning

    If you delete an account, clients that use the account will fail to connect to the database. Proceed with caution.

    1. Log on to the PolarDB-X console.

    2. In the top navigation bar, select the region where the instance is deployed.

    3. On the Instances page, click the PolarDB-X 2.0 tab.

    4. Find the instance and click its ID.

    5. In the left-side navigation pane, choose Configuration Management > Account Management.

    6. Find the account and click Delete in the Actions column.

    7. In the confirmation dialog, click OK.