Creating a Subaccount of rdsuser
Scenarios
This section describes how to create a subaccount and grant permissions to the subaccount. Permissions of rdsuser lists the permissions supported by rdsuser.
Prerequisites
You have created a database. For details, see Creating a Database.
Procedure
- Log in to the instance through DAS.
- Log in to the management console.
- Click
in the upper left corner and select a region and a project. - Click
in the upper left corner of the page and choose Databases > Relational Database Service. - Locate the target instance and click Log In in the Operation column.
- On the displayed page, configure required parameters.
Table 1 Instance login Parameter
Description
Login Username
Enter rdsuser.
Password
Enter the password of rdsuser.
NOTE:You can select Remember Password so that you can directly log in to the instance next time.
Collect Metadata Periodically
Enable this function as required. If this function is enabled:
- DAS can store structure definition data such as database names, table names, and field names in instances, but does not store data in tables.
- Metadata is collected in the early morning every day.
Show Executed SQL Statements
Enable this function as required. This function allows you to view executed SQL statements. You can re-execute an SQL statement without having to enter it again.
- Click Log In.
- Create a subaccount.
- On the main menu of the DAS console, choose Account Management > Login Name.
- On the displayed page, click Create Login Name.
- On the Create Login Name page, configure login information.
Table 2 Login information Parameter
Description
Login Name
Enter a new login name.
Authentication Type
The value is fixed to Microsoft SQL Server Authentication.
Password
The password for the new login username must meet the following requirements:
- It must contain at least three of the following: uppercase letters, lowercase letters, digits, and special characters ~!@#$^*-_=+?%
- It must be 8 to 128 characters long.
- It cannot contain the login username.
- It cannot be a weak password.
Confirm Password
Enter the password again.
NOTE:For security purposes, select Enforce Password Policy.
Default Database
From the drop-down list, select a database the new login user will log in by default.
Default Language
Select a language for the new login user.
- Click Save.
- Click Back to Login Name List.
- In the login name list, view the new login name.
- Grant permissions to the new login user.
- Table 3 describes how to add a single permission. To add multiple permissions to the new login user at the same time, for example, to grant both read and write permissions, select both db_datareader and db_datawriter on the Edit Database Role page.
- For details about the permissions supported by rdsuser, see Permissions of rdsuser.
Table 3 Permissions that can be granted to a subaccount Permission
Procedure
Database operation permission
- Locate the new login name and click Edit in the Operation column.
- On the displayed page, click the User Mapping tab.
- In the Users mapped to this login list, click Edit in the row where both the user database and the new login username exist.
- On the Edit Database Role page, select db_owner and click OK.
- Click Save.
Server role permission
- Locate the new login name and click Edit in the Operation column.
- On the displayed page, click the Server Roles tab.
- In the Server Roles list, select the desired server role.
- Click Save.
Securable object permission
- Locate the new login name and click Edit in the Operation column.
- On the displayed page, click the Securables tab.
- In the securables list, select the desired server permission.
- Click Save.
Read-only permission
- Locate the new login name and click Edit in the Operation column.
- On the displayed page, click the User Mapping tab.
- In the Users mapped to this login list, click Edit in the row where both the user database and the new login username exist.
- On the Edit Database Role page, select db_datareader and click OK.
- Click Save.
Write permission
- Locate the new login name and click Edit in the Operation column.
- On the displayed page, click the User Mapping tab.
- In the Users mapped to this login list, click Edit in the row where both the user database and the new login username exist.
- On the Edit Database Role page, select db_datawriter and click OK.
- Click Save.
Permissions of rdsuser
|
Name |
Category |
Permission |
|---|---|---|
|
DB instance permissions |
DB instance role permissions |
[processadmin] |
|
[setupadmin] |
||
|
DB instance object permissions |
ALTER ANY CONNECTION |
|
|
ALTER ANY LOGIN |
||
|
ALTER ANY SERVER ROLE |
||
|
ALTER SERVER STATE |
||
|
ALTER TRACE |
||
|
CONNECT ANY DATABASE |
||
|
CONTROL SERVER |
||
|
CONNECT SQL |
||
|
CREATE ANY DATABASE |
||
|
SELECT ALL USER SECURABLES |
||
|
VIEW ANY DEFINITION |
||
|
VIEW ANY DATABASE |
||
|
VIEW SERVER STATE |
||
|
Database permissions |
master: Public |
|
|
Msdb: Public SQLAgentUserRole |
||
|
Model: Public |
||
|
Rdsadmin: Public |
||
|
OtherDB: Db_Owner |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
