All Products
Search
Document Center

ApsaraDB RDS:Create accounts and databases

Last Updated:Jul 10, 2023

Before you can use an ApsaraDB RDS instance, you must create databases and accounts on the RDS instance. This topic describes how to create accounts and databases on an ApsaraDB RDS for SQL Server instance.

Prerequisites

An RDS instance is created. For more information, see Create an ApsaraDB RDS for SQL Server instance.

Usage notes

  • Databases that are created on an RDS instance share all the resources that belong to the instance. You can manage standard accounts and databases by using SQL statements.

  • We recommend that you follow the principle of least privilege (PoLP) and grant the read and write permissions to accounts based on your business requirements. You can create multiple accounts and grant each account only the permissions to access the data of specified databases. If an account does not need to write data to a database, we recommend that you grant only the read permissions on the database to the account.

  • For security purposes, we recommend that you specify strong passwords for accounts and change the passwords on a regular basis.

  • If this is the first time you create an account on the RDS instance, you must create a privileged account. You can create only one privileged account for each RDS instance. You cannot delete a privileged account.

Create an account

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Accounts.

  3. On the page that appears, click Create Account and configure the following parameters.

    Parameter

    Description

    Database Account

    The name of the account. It must be 2 to 64 characters in length, and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or a digit.

    Account Type

    Privileged Account: If this is the first time you create an account on the RDS instance, you must create a privileged account. You can create only one privileged account for each RDS instance. You cannot delete a privileged account.

    Standard Account: You can create multiple standard accounts for an RDS instance. You must manually grant the permissions on databases to each standard account.

    Note

    Authorize Database:

    You can grant different permissions on one or more databases to a Standard Account. If no databases are created, you can leave this parameter empty. To grant permissions on a database to an account, perform the following steps:

    1. In the Unauthorized Databases section, select the databases on which you want to grant permissions to the account.

    2. Click the image.png icon to add the selected databases to the Authorized Databases: section.

    3. Grant the Read/Write (DML), Read-only, or Owner permissions on the databases to the account.

      Note

      The account is authorized to create tables, delete tables, and modify schemas in a database only when it has the Owner permissions on the database.

    New Password

    The password of the account. The password must meet the following requirements:

    • It is 8 to 32 characters in length.

    • It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

    • It can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =

    Confirm Password

    The password of the account.

    Description

    The description of the account. The description can be up to 256 characters in length.

  4. Click OK.

Create a database

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Databases.

  3. On the page that appears, click Create Database and configure the following parameters.

    Parameter

    Description

    Database Name

    The name of the database. The name must be 2 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter and end with a letter or a digit.

    Supported Character Set

    The character set of the database.

    Description

    The description of the database. The description can be up to 256 characters in length.

  4. Click Create.

FAQ

Can I manage the accounts that are created on the primary RDS instance on read-only RDS instances?

No, you cannot manage the accounts on the read-only RDS instances. The accounts that are created on your primary RDS instance are synchronized to the read-only RDS instances and have only read permissions on the read-only RDS instances.

Related operations

Operation

Description

CreateAccount

Creates an account on an instance.

CreateDatabase

Creates a database on an instance.