Database Account Security
Password Strength Requirements
SQL Server supports disabling of the database password complexity check. However, to ensure database security, you are advised not to disable it.
- RDS has a password security policy for user-created database accounts. You are advised to enable this policy. Passwords must:
- Consist of 8 to 128 characters.
- Contain at least three types of the following: uppercase letters, lowercase letters, digits, and special characters.
- Not contain the username.
When you are creating a DB instance, the password strength is checked. You can modify the password strength as user rdsuser. For security reasons, you are advised to use a password that is at least as strong as the default password.
Account Description
To provide O&M services, the system automatically creates system accounts when you create RDS for SQL Server DB instances. These system accounts are unavailable to you.
Attempting to delete, rename, change passwords for, or change privileges for these accounts will result in an error.
- rdsadmin: has the sysadmin service role and is used to query DB instance information, monitor instance status, rectify faults, migrate data, and restore data.
- rdsmirror: indicates the primary/standby replication account, which is used to create mirroring endpoints.
- rdsbackup: indicates the backup account, which is used for backend backup.
- Mike: indicates the Windows system account of RDS for SQL Server. It is used to initialize SQL statements during the DB instance initialization, including creating the rdsadmin database and related accounts.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
