This topic describes how to create an account on an ApsaraDB RDS for PostgreSQL instance.
Account types
RDS instances support two types of accounts: privileged accounts and standard accounts. The following table describes these types of accounts.
Account type | Description |
Privileged account |
Note
|
Standard account |
|
Usage notes
You can create multiple privileged accounts and standard accounts in the ApsaraDB RDS console. You can also create and manage standard accounts by using SQL statements.
Before you migrate data from an on-premises database to an RDS instance, you must create a database with the same name and an account with the same username and password in the RDS instance.
We recommend that you follow the principle of least privilege (PoLP) and grant the read and write permissions to accounts based on your business requirements. You can create multiple accounts and grant each account only the permissions to access the data of specified databases. If an account does not need to write data to a database, we recommend that you grant only the read permissions on the database to the account.
For security purposes, we recommend that you specify strong passwords for the accounts and change the passwords on a regular basis.
Procedure
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Accounts.
On the page that appears, click Create Account.
Configure the following parameters.
Parameter
Description
Database Account
The username of the account. It must be 2 to 63 characters in length.
It can contain lowercase letters, digits, and underscores (_).
It must start with a letter and end with a letter or a digit.
It cannot be the same as the username of an existing account.
It cannot start with pg.
It cannot contain SQL keywords. For more information, see SQL Keywords.
Account Type
The type of the account. Two types of accounts are supported: privileged accounts and standard accounts.
A privileged account has all operation permissions on all databases.
Standard accounts have all operation permissions only on their authorized databases.
NoteThe permitted operations include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, and TRIGGER.
To perform fine-grained account permission management, such as create an account that only has the read permission, see Manage permissions in an ApsaraDB RDS for PostgeSQL instance.
New Password
The password of the account. It must be 8 to 32 characters in length.
It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.
It can contain any of the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password
The password of the account.
Description
The description of the account.
Click OK.
Related operations
Operation | Description |
Creates an account that is used to manage the databases of an instance. |