Database Account Security
Password Strength Requirements
SQL Server supports disabling of the database password complexity check. However, to ensure database security, you are advised not to disable it.
- For database password strength requirements on the RDS console, see the database configuration table in Buying an RDS Microsoft SQL Server DB Instance.
- RDS has a password security policy for database users. You are advised to enable this policy. Passwords must:
- Consist of 8 to 128 characters.
- Contain at least three types of the following: uppercase letters, lowercase letters, digits, and special characters.
- Not contain the username.
When you create DB instances, your password strength is checked. You can modify the password strength as user rdsuser. For security reasons, you are advised to use a password that is at least as strong as the default one.
Account Description
To provide O&M services, the system automatically creates system accounts when you create Microsoft SQL Server DB instances. These system accounts cannot be used by users.
Attempting to delete, rename, change passwords for, or change privileges for these accounts will result in an error.
- rdsadmin: indicates the super administrator of DB instances. The account has the sysadmin service role and is used to query and modify DB instance information, rectify faults, migrate data, and restore data.
- rdsmirror: indicates the primary/standby replication account, which is used to create mirroring endpoints.
- rdsbackup: indicates the backup account, which is used for background backup.
- Mike: indicates the Windows system account of SQL Server. It is used to initialize SQL statements during the DB instance initialization, including creating the rdsadmin database and related accounts.
Last Article: Database and Account Management (Non-Administrator)
Next Article: Data Security
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.