- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Permissions Management
- Logging in to a DB Instance
-
MySQL
- Account Management
- Database Management
- SQL Operations
- Table Management
- View Management
- Stored Procedure Management
- Event Management
- Trigger Management
- Function Management
- Data Import and Export
- Data Generator (Not Promoted)
- Tracking and Rolling Back Data (Not Promoted)
- Task Management
- Table Structure Comparison and Synchronization (Not Promoted)
- Intelligent O&M (New Version)
- Intelligent O&M (Old Version)
- Microsoft SQL Server
- PostgreSQL
-
RDS for MariaDB
- Account Management
- Database Management
- SQL Operations
- Table Management
- View Management
- Stored Procedure Management
- Event Management
- Trigger Management
- Function Management
- Data Import and Export
- Data Generator (Not Promoted)
- Task Management
- Table Structure Comparison and Synchronization (Not Promoted)
- Intelligent O&M
- GaussDB
-
TaurusDB
- Account Management
- Database Management
- SQL Operations
- Table Management
- View Management
- Event Management
- Stored Procedure Management
- Function Management
- Trigger Management
- Data Import and Export
- Data Generator (Not Promoted)
- Task Management
- Table Structure Comparison and Synchronization (Not Promoted)
- Intelligent O&M
- GeminiDB Cassandra
- GaussDB(DWS) (Unavailable Soon)
- DDS
- DDM
- Audit
- Event Monitoring
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs (in OBT)
- API Version Queries
-
Cloud DBA
- Registering a Database User
- Modifying a Database User
- Deleting a Database User
- Querying Intelligent O&M Quotas
- Querying a Specified Database User
- Querying Database Users
- Killing Sessions
- Querying the SQL Execution Plan (GET Request)
- Querying SQL Execution Plan (POST Request)
- Querying Metadata Locks
- Querying Instance Sessions
- Querying InnoDB Lock Waits
- Enabling or Disabling SQL Explorer and Slow Query Log
- Querying Whether SQL Explorer and Slow Query Log Are Enabled
- Exporting Slow Query Logs
- Exporting SQL Explorer Data
- Querying Whether SQL Statement Concurrency Control Is Enabled
- Enabling or Disabling SQL Statement Concurrency Control
- Querying Concurrency Control Rules of SQL Statements
- Generate Keywords of a Concurrency Control Rule from the Original SQL Statement
- Creating a Concurrency Control Rule for SQL Statements
- Deleting a Concurrency Control Rule of SQL Statements
- Querying SQL Statement Concurrency Control Tasks
- Exporting the Top SQL Template List
- Exporting SQL Execution Time Distribution
- Exporting the Slow SQL Template List
- Viewing the Instance List on the Intelligent O&M Page
- Setting a Shared Link
- Deleting a Shared Link
- Executing a SQL Diagnosis
- Obtaining Diagnosis Results
- Creating an Instance Diagnosis Task
- Querying Instance Diagnosis Reports
- Obtaining an Instance Diagnosis Report
- Deprecated APIs
- Permissions Policies and Supported Actions
- Appendixes
-
FAQs
-
Product Consulting
- How Is DAS Billed?
- Which Data Sources Does DAS Support?
- Does DAS Support Multi-Region Access?
- Where Is SQL Execution Records Saved If I Enable This Function?
- What Should I Enter in the Database Column to Log In to a PostgreSQL DB Instance on the DAS Console?
- Will I Be Changed If I Enable Collect Metadata Periodically and Show Executed SQL Statements on the Add Login Page?
-
Managing connections
- What Should I Do If I Can't Connect to My DB Instance Due to Insufficient Permissions?
- What Should I Do If I Can't Connect to My RDS for MySQL Instance?
- What Should I Do If I Can't Connect to My ECS (MySQL) Instance?
- What Should I Do If I Can't Connect to My RDS for SQL Server Instance?
- What Should I Do If I Can't Connect to My ECS (Microsoft SQL Server) Instance?
- What Should I Do If I Can't Connect to My RDS for PostgreSQL Instance?
- What Should I Do If I Can't Connect to My ECS (PostgreSQL) Instance?
- What Should I Do If I Can't Connect to My DDS Instance?
- What Should I Do If I Can't Connect to My GaussDB(for MySQL) Instance?
- What Should I Do If I Can't Connect to My GaussDB Instance?
- What Should I Do If I Can't Connect to My DDM Instance?
- How Do I View and Modify ECS Security Group Rules?
- How Do I View and Modify Firewall Rules?
- What Should I Do If My Connection Fails?
-
Usage
- What Can I Do If Garbled Characters Are Displayed in the Exported Database Result Set?
- What Are the Precautions for Connecting DAS to a Third-Party Client?
- What Are the Username and Password for DAS?
- What Should I Do If Table Obtaining Times Out?
- How Do I Modify the Collation?
- When a user creates a data tracking task, an error message indicating that the current user does not have the OBS operator permissions is displayed.
- Resource Freezing, Release, Deletion, and Unsubscription
-
Product Consulting
- Glossary
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- Logging In to the DAS Console
- Adding Login Information
- Modifying Login Information
- Deleting Login Information
- Logging In to Databases Shared by Others
- MySQL DB Instance Management (Development Tool)
- Microsoft SQL Server DB Instance Management (Development Tool)
- PostgreSQL DB Instance Management (Development Tool)
- DDS DB Instance Management (Development Tool)
- Enterprise Change Approval
- Intelligent O&M
- FAQs
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Creating a User
Multiple users with different permissions can be created to access a DB instance or database, but the permissions of these users must be within a certain range.
Procedure
- Log in to the DAS console.
- Click in the upper left corner and select a region and project.
- Click in the upper left corner, and under Databases, click Data Admin Service.
- In the navigation pane on the left, choose Development Tool.
You can also click Go to Development Tool on the overview page.
- Locate the DB instance that you want to log in to and click Log In in the Operation column.
- On the top menu bar, choose Account Management > User Management.
Figure 1 User management
- Click Create User.
Figure 2 Creating a user
Configure required details, such as basic information, advanced settings, global permissions, object permissions, and roles by referring to Table 1.
Table 1 Parameter description Type
Parameter
Configuration Description
Basic Information
Username
Name of the new user.
Host
Whitelisted IP addresses allowed to access the database server.
- If you leave this parameter blank or enter %, the user can access all IP addresses.
- If you enter multiple IP addresses, separate them with commas (,).
For example, if you enter 192.%,193.% for Host, two users with host addresses of 192.% and 193.% will be created, respectively.
- You can click Add DAS IP Address to add a DAS server IP address to the user host.
Password
Password of the user. The password:
- Can include 8 to 32 characters.
- Contains at least three types of the following characters: lowercase letters, uppercase letters, digits, and special characters ~!@#$%^*-_=+?,()&. |
- Cannot be the username or the username spelled backwards.
- Cannot be a weak password.
Confirm Password
The value must be the same as the user password you set.
Advanced Settings
Max. Queries Per Hour
Maximum queries that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum queries.
Max. Updates Per Hour
Maximum updates that this user can execute within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum updates.
Max. Connections Per Hour
Maximum connections (of this user) to the DAS server within an hour. If this parameter is left empty or set to 0, there is no limit on the maximum connections.
Max. User Connections
Maximum concurrent connections to the server. If this parameter is left empty or set to 0, there is no limit on the maximum concurrent connections.
SSL Type
Type of certificates for authenticating user requests sent to the server.
Issuer
Authority that issues X.509 certificates for connecting the user to the server.
Subject
Subject of the X.509 certificates for connecting the user to the server.
Algorithm
Method of encrypting connections between the user and the server.
Global Permissions
Permissions granted to the user to perform operations on all databases in the current instance.
For details about the global permissions that can be configured, see Table 2. For details about permission usages and explanations, visit the official website.
Object Permissions
Permissions granted to the user on specific objects.
For details about the object permissions that can be configured, see Table 2. For details about permission usages and explanations, visit the official website.
Example:
The following settings grant the user the permission to query the ID of table user_test in database db_test.
Figure 3 Adding an object permission
On the Object Permissions tab, you can add or delete object permissions and click Save. In the displayed dialog box, click OK.
Role
Role of the user. Roles are only supported for MySQL 8.0.
- Role Name: You can select an existing username in this instance.
- Grant Role: Whether the new user can grant permissions of the selected role to another user.
- Default Role: Whether the new user can inherit permissions of the selected role.
NOTE:To manage roles, the current account must have the ROLE_ADMIN permission. You can manually assign the permission. For example, you can run the GRANT ROLE_ADMIN on *.* TO 'root'@' %' command to assign the ROLE_ADMIN permission to user root.
Example:
The following settings indicate that user_2 can inherit permissions of user@ and can grant permissions of user@ to another user.
Figure 4 Granting permissions
Table 2 Permission description Permission
Description
SELECT
Permission to query a specified object, for example, a global or single database.
INSERT
Permission to insert data into a specified object.
UPDATE
Permission to update data of a specified object.
DELETE
Permission to delete data from a specified object.
CREATE
Permission to create databases and tables for a specified object.
DROP
Permission to delete databases, tables, and views from a specified object.
RELOAD
Permission to execute FLUSH.
PROCESS
Permission to execute SHOW PROCESSLIST to view all the processes.
GRANT
Permission to grant a specified object the permissions of another account or reclaim permissions from other accounts.
REFERENCES
Permission to create foreign keys for a specified object.
INDEX
Permission to create or delete an index for a specified object.
ALTER
Permission to execute ALTER TABLE for a specified object.
SHOW DATABASES
Permission to run SHOW DATABASES to show all databases.
CREATE TEMPORARY TABLES
Permission to execute CREATE TEMPORARY TABLE for a specified object.
LOCK TABLES
Permission to execute LOCK TABLES on the tables with the SELECT permission for a specified object.
EXECUTE
Permission to execute a stored procedure for a specified object.
REPLICATION SLAVE
Permission to allow the replica server to read binary log events from the source server.
REPLICATION CLIENT
Permission to query locations of the source server or replica server.
CREATE VIEW
Permission to create or alter a view for a specified object.
SHOW VIEW
Permission to execute SHOW CREATE VIEW for a specified object.
CREATE ROUTINE
Permission to create a stored procedure for a specified object.
ALTER ROUTINE
Permission to alter or delete a stored procedure for a specified object.
CREATE USER
Permission to execute CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES for a specified object.
EVENT
Permission to create, modify, delete, or display the event scheduler for a specified object.
TRIGGER
Permission to execute a trigger for a specified object. Only users with this permission can create, delete, execute, or display triggers of a table.
- After configuring required parameters, click Save. In the preview dialog box, click OK.
- Return to the user management page.
In the user management list, edit, rename, or delete the created users.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot