Help Center/ Relational Database Service/ API Reference/ API v3 (Recommended)/ Database and Account Management (MySQL)/ Creating a Database Account
Updated on 2026-02-04 GMT+08:00
View PDF
Share

Creating a Database Account

Function

This API is used to create a database account for a specified DB instance.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
  • If you are using role/policy-based authorization, see Permissions and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

rds:databaseUser:create

write

instance

g:EnterpriseProjectId

g:ResourceTag/<tag-key>

-

-

Constraints

  • This operation cannot be performed when the DB instance is in any of the following statuses: creating, changing instance class, changing port, frozen, or abnormal.
  • If you want to call this API repeatedly to create database accounts for your DB instance, call it in serial.
  • For any database and account created using methods other than the RDS console and APIs, if the database name and account name do not meet the database naming rules (see Table 2) and account naming rules (see Table 2), for example, containing Chinese characters or unsupported special characters, the database and account cannot be managed through the RDS console or APIs.
  • In migration scenarios, if any database name and account name of the source database do not meet the database naming rules (see Table 2) and account naming rules (see Table 2), the database and account cannot be managed through the RDS console or APIs after being migrated to the destination RDS for MySQL database.

URI

  • URI format

    POST /v3/{project_id}/instances/{instance_id}/db_user

  • Parameter description
    Table 1 Parameters

    Parameter

    Mandatory

    Description

    project_id

    Yes

    Definition

    Project ID of a tenant in a region.

    Constraints

    The value cannot be empty.

    Range

    To obtain the value, see Obtaining a Project ID.

    Default Value

    N/A

    instance_id

    Yes

    Definition

    Instance ID.

    Constraints

    The value cannot be empty.

    Range

    You can obtain the value of this parameter from id in Table 4 by calling the API for querying DB instances.

    Default Value

    N/A

Request

Table 2 Parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Definition

Specifies the username of the database account.

Constraints

N/A

Range

The username can consist of 1 to 32 characters. Only letters, digits, hyphens (-), and underscores (_) are allowed.
  • If the database version is MySQL 5.6, the username consists of 1 to 16 characters.
  • If the database version is MySQL 5.7 or 8.0, the username consists of 1 to 32 characters.

Default Value

N/A

password

Yes

String

Definition

Specifies the password of the database account.

Constraints

N/A

Range

The value must be 8 to 32 characters long and contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters (~!@#$%^*-_=+?,()&). The value must be different from the account name or account name spelled backwards.

You are advised to enter a strong password to improve security, preventing security risks such as brute force cracking.

Default Value

N/A

comment

No

String

Definition

Specifies remarks of the database account.

Constraints

This parameter is only available for MySQL 8.0.25 and later.

Range

1 to 512 characters long

Default Value

N/A

is_privilege

No

Boolean

Definition

Whether a privileged user is created.

Constraints

N/A

Range

  • true: A privileged user is created.
  • false: A non-privileged user is created.

Default Value

N/A

hosts

No

Array of strings

Definition

IP addresses that are allowed to access your DB instance.

Constraints

N/A

Range
  • If the IP address is set to %, all IP addresses are allowed to access your instance.
  • If the IP address is set to 10.10.10.%, all IP addresses in the subnet 10.10.10.X are allowed to access your instance.
  • Multiple IP addresses can be added.

Default Value

N/A

databases

No

Array of objects

Definition

Databases that you can log in using the account. For details, see Table 3.

Constraints

N/A
Table 3 databases element structure description

Parameter

Mandatory

Type

Description

name

Yes

String

Definition

Database name.

Constraints

N/A

Range

N/A

Default Value

N/A

readonly

No

Boolean

Definition

Whether the database is read-only.

Constraints

N/A

Range

  • true: indicates the database is read-only.
  • false: indicates the database is readable and writable.

Default Value

N/A

Example Request

Creating a database account named rds

POST https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/dsfae23fsfdsae3435in01/db_user

{
    "name": "rds",
    "password": "************",
    "comment": "mysql",
    "is_privilege": false,
    "hosts": [
        "%"  
    ],
    "databases" : [
       {
           "name" : "***",
            "readonly" : false
       }
    ]
}

Response

  • Normal response
    Table 4 Parameters

    Parameter

    Type

    Description

    resp

    String

    Definition

    Calling result.

    Range

    Returns successful if the calling is successful.

Status Code

Error Code

For details, see Error Codes.