Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Scalable File Service Turbo
Containers
Cloud Container Engine
Software Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
On this page

Show all

Creating a User

Updated on 2024-11-28 GMT+08:00

Multiple users with different permissions can be created to access a DB instance or database, but the permissions of these users must be within a certain range.

Procedure

  1. Log in to the DAS console.
  2. Click in the upper left corner and select a region and project.
  3. Click in the upper left corner, and under Databases, click Data Admin Service.
  4. In the navigation pane on the left, choose Development Tool.

    You can also click Go to Development Tool on the overview page.

  5. Locate the DB instance that you want to log in to and click Log In in the Operation column.
  6. On the top menu bar, choose Account Management > User Management.

    Figure 1 User management

  7. Click Create User.

    Figure 2 Creating a user

    Configure required details, such as basic information, advanced settings, global permissions, object permissions, and roles by referring to Table 1.

    Table 1 Parameter description

    Type

    Parameter

    Configuration Description

    Basic Information

    Username

    Name of the new user.

    Host

    Whitelisted IP addresses allowed to access the database server.

    • If you leave this parameter blank or enter %, the user can access all IP addresses.
    • If you enter multiple IP addresses, separate them with commas (,).

      For example, if you enter 192.%,193.% for Host, two users with host addresses of 192.% and 193.% will be created, respectively.

    • You can click Add DAS IP Address to add a DAS server IP address to the user host.

    Password

    Password of the user. The password:

    • Can include 8 to 32 characters.
    • Contains at least three types of the following characters: lowercase letters, uppercase letters, digits, and special characters ~!@#$%^*-_=+?,()&. |
    • Cannot be the username or the username spelled backwards.
    • Cannot be a weak password.

    Confirm Password

    The value must be the same as the user password you set.

    Advanced Settings

    Max. Queries Per Hour

    Maximum queries that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum queries.

    Max. Updates Per Hour

    Maximum updates that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum updates.

    Max. Connections Per Hour

    Maximum connections (of this user) to the DAS server within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum connections.

    Max. User Connections

    Maximum concurrent connections to the server. If this parameter is left empty or set to 0, there is no limit on the maximum concurrent connections.

    SSL Type

    Type of certificates for authenticating user requests sent to the server.

    Issuer

    Authority that issues X.509 certificates for connecting the user to the server.

    Subject

    Subject of the X.509 certificates for connecting the user to the server.

    Algorithm

    Method of encrypting connections between the user and the server.

    Global Permissions

    Permissions granted to the user to perform operations on all databases in the current instance.

    For details about the global permissions that can be configured, see Table 2. For details about permission usages and explanations, visit the official website.

    Object Permissions

    Permissions granted to the user on specific objects.

    For details about the object permissions that can be configured, see Table 2. For details about permission usages and explanations, visit the official website.

    Example:

    The following settings grant the user the permission to query the ID of table user_test in database db_test.

    Figure 3 Adding an object permission

    On the Object Permissions tab, you can add or delete object permissions and click Save. In the displayed dialog box, click OK.

    Role

    Role of the user. Roles are only supported for MySQL 8.0.

    • Role Name: You can select an existing username in this instance.
    • Grant Role: Whether the new user can grant permissions of the selected role to another user.
    • Default Role: Whether the new user can inherit permissions of the selected role.
    NOTE:

    To manage roles, the current account must have the ROLE_ADMIN permission. You can manually assign the permission. For example, you can run the GRANT ROLE_ADMIN on *.* TO 'root'@' %' command to assign the ROLE_ADMIN permission to user root.

    Example:

    The following settings indicate that user_2 can inherit permissions of user@ and can grant permissions of user@ to another user.

    Figure 4 Granting permissions
    Table 2 Permission description

    Permission

    Description

    SELECT

    Permission to query a specified object, for example, a global or single database.

    INSERT

    Permission to insert data into a specified object.

    UPDATE

    Permission to update data of a specified object.

    DELETE

    Permission to delete data from a specified object.

    CREATE

    Permission to create databases and tables for a specified object.

    DROP

    Permission to delete databases, tables, and views from a specified object.

    RELOAD

    Permission to execute FLUSH.

    PROCESS

    Permission to execute SHOW PROCESSLIST to view all the processes.

    GRANT

    Permission to grant a specified object the permissions of another account or reclaim permissions from other accounts.

    REFERENCES

    Permission to create foreign keys for a specified object.

    INDEX

    Permission to create or delete an index for a specified object.

    ALTER

    Permission to execute ALTER TABLE for a specified object.

    SHOW DATABASES

    Permission to run SHOW DATABASES to show all databases.

    CREATE TEMPORARY TABLES

    Permission to execute CREATE TEMPORARY TABLE for a specified object.

    LOCK TABLES

    Permission to execute LOCK TABLES on the tables with the SELECT permission for a specified object.

    EXECUTE

    Permission to execute a stored procedure for a specified object.

    REPLICATION SLAVE

    Permission to allow the replica server to read binary log events from the source server.

    REPLICATION CLIENT

    Permission to query locations of the source server or replica server.

    CREATE VIEW

    Permission to create or alter a view for a specified object.

    SHOW VIEW

    Permission to execute SHOW CREATE VIEW for a specified object.

    CREATE ROUTINE

    Permission to create a stored procedure for a specified object.

    ALTER ROUTINE

    Permission to alter or delete a stored procedure for a specified object.

    CREATE USER

    Permission to execute CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES for a specified object.

    EVENT

    Permission to create, modify, delete, or display the event scheduler for a specified object.

    TRIGGER

    Permission to execute a trigger for a specified object. Only users with this permission can create, delete, execute, or display triggers of a table.

  8. After configuring required parameters, click Save. In the preview dialog box, click OK.
  9. Return to the user management page.

    In the user management list, edit, rename, or delete the created users.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback