All Products
Search
Document Center

Manage accounts

Last Updated: Mar 23, 2022

Before you manage accounts, visit the Alibaba Cloud official website, log on to the Lindorm Time Series Database (TSDB) console, and then select the instance that you purchased. TSDB V1.0 that uses an engine version of 2.5.13 or later supports account management. Accounts are divided into super accounts and standard accounts. You can manage all accounts in the console. Account permissions are divided into the following types: read-only, write-only, read and write, and super.

Manage accounts

Enable the account management feature

On the Accounts page in the TSDB console, click Activate User Management.

Create an account
  1. On the Accounts page in the TSDB console, click Create.

  2. On the page that appears, specify the account name and the account password.

    • Create a super account.

    • Create a standard account.

    Parameters:

    • Account Name: The account name must be 1 to 10 characters in length and can contain letters, digits, and underscores (_). The first character of the account name must be a letter and the last character must be a letter or a digit.

    • Password: The password must be 6 to 20 characters in length andcan contain only letters, digits, underscores (_), at signs (@), number signs (#), and periods (.).

  3. View the account that you created, as shown in the following figure. In this example, the account test is created.

Delete an account

On the Accounts page, find the account that you want to delete and click Delete, as shown in the following figure.

Note: You cannot change the password of an account or modify the permissions that are granted to an account.
Disable the account management feature

On the Accounts page in the TSDB console, click Deactivate User Management.

Authenticate an account to perform read or write operations on the TSDB instance

After you create an account based on the preceding procedure, you can use the account to perform read or write operations on the TSDB instance. If you enable account management, you must authenticate your account each time you send HTTP API requests to access the TSDB instance. The policies used to define permissions on HTTP API requests vary based on the account types. For more information, see Permission policies for common API requests.

Check whether the account that you created is available

To check whether an account is available, use curl to send an api/put or api/query request based on the permissions that are granted to the account. For example, you can run the following command to send an api/put request:

curl -X POST -u ${Account name}:${Account password in the plaintext format} http://ts-xxxxxxx.hitsdb.tsdb.aliyuncs.com:8242/api?summary -d '[{"metric":"sys.cpu.nice","timestamp":1346846400,"value":18,"tags":{"host":"web01","dc":"lga"}}]'
Specify account information in TSDB SDK
You must specify account information for authentication. When you create a TSDBConfig object, call the basicAuth() method to specify the name of the account that you created and the account password in the plaintext format. All connections that are established by using the TSDBConfig object carry the specified account information.

Note

To access a TSDB instance for which account authentication is enabled, use TSDB SDK V0.2.7 or later.

Specify account information in non-Java applications

For applications that do not support TSDB SDK, such as Python or Go applications, you must add the Authorization field as a header to an HTTP request. The Authorization field contains a credential for basic authentication. The credential is organized in the format that is based on the RFC 2617 standard. Only the HTTP requests that contain the Authorization field can be processed by TSDB. If an HTTP request does not contain the Authorization field, the HTTP request is rejected.

Format of a credential for basic authentication:
Basic {Base64-encoded authentication information}

Format of Base64-encoded authentication information: %Authorization:Basic ${Account name}:${Account password}%. You must separate the fields with colons (:).

Permission policies for common API requests

API request

No credential

WriteOnly

ReadOnly

ReadWrite

Super

/api/put

×

×

/api/query

×

×

/api/query/last

×

×

/api/mput

×

×

/api/mquery

×

×

/api/query/mlast

×

×

/api/prom_write

×

×

/api/prom_read

×

×

/api/suggest

×

×

/api/dump_meta

×

×

/api/search/lookup

×

×

/api/ttl

×

×

×

×

/api/delete_meta

×

×

/api/delete_data

×

×

/api/truncate

×

×

×

×