All Products
Search
Document Center

ApsaraDB RDS:Create a system admin account

Last Updated:Jun 19, 2024

A system admin account is the most powerful role in SQL Server. This role can bypass all security checks and perform all operations in SQL Server. This topic describes how to create a system admin account on an ApsaraDB RDS for SQL Server instance. You can use the system admin account to migrate the data of an on-premises SQL Server instance to the RDS instance.

Prerequisites

  • The RDS instance meets the following requirements:

    • The RDS instance runs RDS Basic Edition, RDS High-availability Edition, or RDS Cluster Edition. If your RDS instance runs RDS High-availability Edition, make sure that the instance runs SQL Server 2012 or later.

    • The RDS instance belongs to the general-purpose or dedicated instance family. The shared instance family is not supported.

    • The RDS uses the subscription or pay-as-you-go billing method. Serverless instances are not supported.

    • The RDS instance resides in a virtual private cloud (VPC). For more information about how to change the network type of an RDS instance, see Change the network type.

    • The creation time of the RDS instance meets the following requirements:

      • If the RDS instance runs RDS High-availability Edition or RDS Cluster Edition, the instance is created on or after January 01, 2021.

      • If the RDS instance runs RDS Basic Edition, the instance is created on or after September 02, 2022.

      Note

      You can view the Creation Time parameter of an RDS instance in the Status section of the Basic Information page in the ApsaraDB RDS console.

  • An Alibaba Cloud account is used to log on to the RDS instance.

Usage notes

  • You can create only one system admin account for each RDS instance. The system admin account cannot be deleted in the ApsaraDB RDS console, by calling an API operation, or by using Terraform.

  • You cannot create system admin accounts for RDS instances in the CloudTmall system.

  • You cannot use the following usernames for system admin accounts:

    root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds$

Procedure

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Accounts.

  3. On the page that appears, click Create Account, configure the following parameters, and then click OK.

    Warning
    • The System Admin role is available only for Alibaba Cloud accounts. After the System Admin role is enabled for your Alibaba Cloud account, you can create system admin accounts for all instances that run SQL Server and are created by using the Alibaba Cloud account in the console. The permissions to create the system admin account cannot be disabled or revoked.

    • The system admin account has permissions that are beyond the management scope of ApsaraDB RDS for SQL Server. If you create a system admin account for your RDS instance, the service availability that is specified in Alibaba Cloud service level agreement (SLA) is no longer guaranteed for the RDS instance.

    Parameter

    Description

    Database Account

    The username of the account. It must be 2 to 64 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or a digit.

    Account Type

    The type of the account. Select System Admin Account. Then, read the agreement and select I have read and agree to changes to the RDS Service Level Agreement caused by the creation of a system admin account.

    Note
    • If you create the system admin account for the first time by using your Alibaba Cloud account, you must read the instructions and select I have read and understand the preceding notes. Enable the System Admin role.

    • If this account type is not displayed, you must check whether the prerequisites are met.

    • For more information about other types of accounts, see Create an account and Create and use a host account for logons.

    New Password

    The password of the account. The password must meet the following requirements:

    • It is 8 to 32 characters in length.

    • It contains at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

    • Special characters include ! @ # $ % ^ & * ( ) _ + - =

    Confirm Password

    The password of the account.

    Description

    The description of the account. The description can be up to 256 characters in length.

  4. Optional. Reset the password of the account or disable the account.

    You can click Reset Password or Deactivate Account in the Actions column to manage the account. For more information, see Reset the password of an account.

    image

References