Creating a User

Scenarios

Multiple users with different permissions can be created to access a DB instance or database, but the permissions of these users cannot exceed the operation permissions of the account.

Procedure

1. On the top menu bar, choose Account Management > User Management.
2. On the displayed page, click Create User. Then, configure required information, such as basic information, advanced settings, global permissions, object permissions, and roles, and click Save. In the displayed dialog box, click OK. For details, see Table 2.
   

   The role function is available only to MySQL 8.0.

   You can click Add DAS IP Address to add the IP address of the DAS server to the user's host. In the user list, you can view all created users, or locate a user and click Edit and Delete in the Operation column to manage it.

   Table 1 describes the user permissions briefly. For details about permission usages and explanations, visit the official website.

   

   You can add multiple IP addresses and separate them with commas (,). For example, if you enter 192.%,193.% for Host, two users with host addresses of 192.% and 193.% will be created, respectively. The following is an example result.

   

   Table 1 Permission description

   Permission	Description
   SELECT	Permission to query a specified object, for example, a global or single database.
   INSERT	Permission to insert data into a specified object.
   UPDATE	Permission to update data of a specified object.
   DELETE	Permission to delete data from a specified object.
   CREATE	Permission to create databases and tables for a specified object.
   DROP	Permission to delete databases, tables, and views of a specified object.
   RELOAD	Permission to execute FLUSH.
   PROCESS	Permission to execute SHOW PROCESSLIST to view all the processes.
   GRANT	Permission to grant permissions to another account or reclaim permissions from another account.
   REFERENCES	Permission to create foreign keys for a specified object.
   INDEX	Permission to create or delete index for a specified object.
   ALTER	Permission to execute ALTER TABLE for a specified object.
   SHOW DATABASES	Permission to run the SHOW DATABASES command to show all databases.
   CREATE TEMPORARY TABLES	Permission to execute CREATE TEMPORARY TABLE for a specified object.
   LOCK TABLES	Permission to execute LOCK TABLES on the tables with the SELECT permission for a specified object.
   EXECUTE	Permission to execute a stored procedure for a specified object.
   REPLICATION SLAVE	Permission to allow the replica server to read binary log events from the source server.
   REPLICATION CLIENT	Permission to query the location of the source server or replica server.
   CREATE VIEW	Permission to create or alter a view for a specified object.
   SHOW VIEW	Permission to execute SHOW CREATE VIEW for a specified object.
   CREATE ROUTINE	Permission to create a stored procedure for a specified object.
   ALTER ROUTINE	Permission to alter or delete a stored procedure for a specified object.
   CREATE USER	Permission to execute CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES for a specified object.
   EVENT	Permission to create, modify, delete, or display the event scheduler for a specified object.
   TRIGGER	Permission to execute a trigger for a specified object. Only users with this permission can create, delete, execute, or display triggers of a table.

   Table 2 User information description

   Parameter	Description
   Username	Name of the new user
   Host	Whitelisted IP address allowed to access the database server. If you leave this parameter empty or enter %, the user can access all IP addresses. If you enter multiple IP addresses, separate them with commas (,), for example, 192.%,193.%.
   Password	Password of the user. The password: Contains 8 to 32 characters. Must contain at least three types of lowercase letters, uppercase letters, digits, and the following special characters: ~!@#%^*-_=+?,()& Cannot be the username or the username backwards. Cannot be a weak password.
   Confirm Password	-
   Max. Queries Per Hour	Maximum queries that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum queries.
   Max. Updates Per Hour	Maximum updates that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum updates.
   Max. Connections Per Hour	Maximum connections that this user can connect to the database server within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum connections.
   Max. User Connections	Maximum concurrent connections to the server. If this parameter is left empty or set to 0, there is no limit on the maximum concurrent connections.
   SSL Type	Type of authenticating user requests to the server
   Issuer	Authority that issues the X.509 certificate used for connecting users to the server
   Subject	Subject of the X.509 certificate used for connecting users to the server
   Algorithm	Method of encrypting connections between the user and the server
   Global Permissions	Permissions granted to the user to perform operations on all databases in the instance
   Object Permissions	Permissions granted to the user on specific objects For example,the following settings grant the permission to the user to query the ID of table user_test in database db_test.
   Role	Role of the user The role function is available only to MySQL 8.0. Role Name: You can select an existing username in this instance. Grant Role: Whether the new user can grant permissions of the selected role to another user. Default Role: Whether the new user can inherit permissions of the selected role. For example, the following settings indicate that user_2 can inherit permissions of user@ and can grant permissions of user@ to another user.