百度智能云

All Product Document

          Relational Database Service

          Manage Database Account

          Create an ordinary account

          1. On the "Account Management" page of the instance, you can see the created account list and the account information.

          image.png

          1. Click the "Create Account" button to enter the "Create Account" subpage.

          Notes:

          • You cannot add a common account named root, but a high-privilege account named root.
          • Reserved keywords such as admin, guest, and SQL statement cannot be used in account creation.
          1. After setting the account name and password, click "OK" to create the account.

          Create a high-privilege account

          Baidu AI Cloud Database RDS for MySQL supports high-privilege super account, higher user privilege, and more granular access control. Relevant privileges include:

          • Privilege of creating a database in a command line: The users can create a database by batch via the command line.
          • Synchronization privilege: the users can synchronize the data between Baidu AI Cloud Database RDS for MySQL and self-built database.
          • Super Privilege: The users can perform self-monitoring and self-OPS to the RDS for MySQL, for example, monitoring or killing SQL statements with relatively long execution time.
          • Grant privilege: You can create a user with custom privilege and authorize the user for more fine-grained account management.

          Description of Feature

          The user can create only one high-privilege super account for every master instance. The account name is "rdsroot" by default, which can be subject to modification at the time of creation. Notes for creation of High-Privilege Account:

          • After the creation of a super account, account privilege cannot be modified on the account management page of the console, and it needs to be modified via the super account and using the SQL command.
          • Only one super account can be created for one instance, and the created super account can be deleted. After the deletion, the console account management mode keeps unchanged. The user can create a super account anew for access control.
          • After a super account is created in the master instance, such a super account still exists in a read-only instance.
          • The super account can access 'mysql.user" and "mysql.db" tables, but the privilege cannot be modified via direct modification to the two tables, and a given account's privilege needs to be modified via `grant select on db.* to user@' %' identified by 'password" command.
          • The super account can view existing account privilege via `show grants for user@' %" command.
          • The super account can view all account connection information via show processlist, and end the ongoing query via kill command.
          • The super account cannot modify the global variables via set global variable = onmeans.

          Description of Privilege

          List of privileges supported by high-privilege account is as follows:

          Privilege Support
          SELECT Support
          INSERT Support
          UPDATE Support
          DELETE Support
          CREATE Support
          DROP Support
          RELOAD Support
          PROCESS Support
          INDEX Support
          ALTER Support
          CREATE TEMPORARY TABLES Support
          LOCK TABLES Support
          EXECUTE Support
          REPLICATION SLAVE Support
          REPLICATION CLIENT Support
          CREATE VIEW Support
          SHOW VIEW Support
          CREATE ROUTINE Support
          ALERT ROUTINE Support
          CREATE USER Support
          EVENT Support
          TRIGGER Support
          SUPER Support in part:
          - KILL/mysqladmin kill:kill any user’s connections.
          Specify anyone in DEFINER when creating stored programs and views: specify anyone in DEFINER when creating stored programs,
          including procedures, functions, triggers, and events) and views.
          - SHOW BINARY LOGS: view BINLOG status on Master.
          - SHOW SLAVE STATUS/SHOW MASTER STATUS:view Replication status

          Operating Steps

          1. Enter the instance's "Account Management" page, select "Create Super Account", and fill in account, password, and remarks information as per prompts on the page. After successful creation, you can find the "Account Type" is a master instance super account in the Account List and can modify the password or delete the account on the Account List page.

          image.png

          Notes:

          • Since only one super account can be created for one instance, the "Create" button turns gray after successful creation. You can create the account anew after deletion.
          • After creating a high-privilege account for the first time, the user can manage the account and database using the high-privilege account and via command line. When the console creates a common account and database, action can be licensed, but the correlation between account and database is not shown any longer on the Account Management and Database Management List pages.
          • After super privilege is enabled, the console can only delete the account with IP of %. If you want to delete accounts with other IPs, you are advised to use the SQL command.

          Modify the account password

          On the "Account Management" subpage, click the "Modify Password" link next to the account and set a new password.

          image.png

          Modify account remarks

          1. On the "Account Management" subpage, move the mouse to the account line, and a Pencil marker is shown in the "Description" column.
          2. After clicking, the system shows Edit box, where you can type in the remarks information. Click "OK" for saving.

          Modify the account privilege

          1. On the "Account Management" subpage, click the "Modify Privilege" link next to the account to modify, and enter the "Modify Privilege" subpage.

          image.png

          1. After selecting the database and creating read-write privilege correlation, click "OK" to save the new privilege.

          Delete an account

          On the "Account Management" subpage, click the "Delete" link next to the account for deletion. Click the "OK" button to delete the account.

          image.png

          Previous
          Manage Database
          Next
          Monitoring and Alarm