Create an account and a database for an ApsaraDB RDS for PostgreSQL instance - ApsaraDB RDS

To use ApsaraDB RDS, you must create a database and an account for your instance. This topic describes how to create a database and an account for an ApsaraDB RDS for PostgreSQL instance.

Account types

ApsaraDB RDS for PostgreSQL instances support two types of database accounts: privileged accounts and standard accounts. The following table describes these account types.

Account type	Description
Privileged Account	You can create and manage privileged accounts only in the ApsaraDB RDS console or by calling API operations. You can create multiple privileged accounts to manage all standard accounts and databases. Privileged accounts are granted more permissions to meet custom and fine-grained permission management requirements. For example, you can grant the query permissions on different tables to different users. You can disconnect any account. Note If the privileged account that you create is the first privileged account of the instance, this account becomes the schema owner of the public schema in the standard system database named template1. The CREATE DATABASE command creates a database by replicating the template1 database by default. The schema owner of the public schema in the databases that are created in this manner is the first privileged account. The remarks for the first privileged account default to `template1 public schema owner`. You can customize the remarks based on your requirements.
Standard Account	You can create and manage standard accounts in the ApsaraDB RDS console, by calling API operations, or by running SQL statements. You can create multiple standard accounts for an instance. You must manually grant permissions on specific databases to standard accounts. A standard account cannot be used to create or manage other accounts, or disconnect other accounts.

Usage notes

You can create multiple privileged and standard accounts in the ApsaraDB RDS console. You can also create and manage standard accounts by running SQL commands.
If you want to migrate a self-managed database to ApsaraDB RDS, you must create an account and a database in the RDS instance that have the same names as the account and database in the self-managed database.
When you assign permissions, create accounts based on business roles and the principle of least privilege. Assign read-only or read/write permissions as needed. To ensure that each database account can access only the data within its business scope, you can configure permissions with greater granularity. If an account does not require write permissions, assign only read-only permissions to that account.
To ensure database security, set a strong password for your database account and change it regularly.

Create an account

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Accounts.
On the page that appears, click Create Account.

Configure the following parameters.

Parameter	Description
Database Account	The username of the account. It must be 2 to 63 characters in length. It can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or a digit. It cannot be the same as the username of an existing account. It cannot start with pg. It cannot contain SQL keywords. For more information, see SQL Keywords.
Account Type	The type of the account. Two types of accounts are supported: privileged accounts and standard accounts. A privileged account has all operation permissions on all databases. Standard accounts have all operation permissions only on their authorized databases. Note The permitted operations include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, and TRIGGER. To perform fine-grained account permission management, such as create an account that only has the read permission, see Manage permissions in an ApsaraDB RDS for PostgeSQL instance.
New Password	The password of the account. It must be 8 to 32 characters in length. It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters. It can contain any of the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password	The password of the account.
Description	The description of the account.

Click OK.

Create a database

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Databases.
On the page that appears, click Create Database.

Configure the following parameters.

Parameter	Description
Database Name	The name of the database. It must comply to the following constraints: Be up to 63 characters in length. Contain only lowercase letters, digits, hyphens (-), and underscores (_). Start with a lowercase letter and end with a lowercase letter or a digit.
Supported Character Set	The character set that is supported by the database. Important You cannot change the supported character set of the database after the database is created.
Collate	The rule based on which strings are sorted.
Ctype	The type of character supported by the database.
Authorized By	The owner of the database. The owner has all permissions on the database.
Description	The description of the database.

Click Create.

You can view information about the database that you create on the Databases page. 创建的账号

Parameter

Description

ConnLimit

The maximum number of concurrent requests that is allowed by the database. By default, the number of concurrent requests is unlimited. If you want to change the value of this parameter, you can use a privileged account to log on to the database and execute the ALTER DATABASE <Database name> CONNECTION LIMIT <Number of concurrent requests>; statement.

Tablespace

The tablespace to which the database belongs. Default value: pg_default. The paths of tablespaces cannot be viewed and modified.

If you use methods such as the cloud migration feature to migrate data from a self-managed database to the database on your RDS instance, the tablespace name of the self-managed database is the same as that of the database on your RDS instance. You can change the name of the tablespace to which a database or a table belongs to pg_default. For more information about the cloud migration feature, see Use the cloud migration feature for an ApsaraDB RDS for PostgreSQL instance.

FAQ

Can I use an account that is created on a primary instance on a read-only instance?

Yes, you can. Accounts created on a primary instance are synchronized to its read-only instances. You cannot manage accounts on read-only instances. These accounts have only read-only permissions on the read-only instances.

Related API operations

API operation	Description
Create a database account	Creates an account.