Create an account and a database for an ApsaraDB RDS for PostgreSQL instance - ApsaraDB RDS

To use ApsaraDB RDS, you must create a database and an account for your instance. This topic describes how to create a database and an account for an ApsaraDB RDS for PostgreSQL instance.

Account types

ApsaraDB RDS for PostgreSQL instances support two types of database accounts: privileged accounts and standard accounts. The following table describes these account types.

Account type	Description
Privileged Account	You can create and manage privileged accounts only in the ApsaraDB RDS console or by calling API operations. You can create multiple privileged accounts to manage all standard accounts and databases. Privileged accounts are granted more permissions to meet custom and fine-grained permission management requirements. For example, you can grant the query permissions on different tables to different users. You can disconnect any account. Note If the privileged account that you create is the first privileged account of the instance, this account becomes the schema owner of the public schema in the standard system database named template1. The CREATE DATABASE command creates a database by replicating the template1 database by default. The schema owner of the public schema in the databases that are created in this manner is the first privileged account. The remarks for the first privileged account default to `template1 public schema owner`. You can customize the remarks based on your requirements.
Standard Account	You can create and manage standard accounts in the ApsaraDB RDS console, by calling API operations, or by running SQL statements. You can create multiple standard accounts for an instance. You must manually grant permissions on specific databases to standard accounts. A standard account cannot be used to create or manage other accounts, or disconnect other accounts.

Usage notes

You can create multiple privileged and standard accounts in the ApsaraDB RDS console. You can also create and manage standard accounts by running SQL commands.
If you want to migrate a self-managed database to ApsaraDB RDS, you must create an account and a database in the RDS instance that have the same names as the account and database in the self-managed database.
When you assign permissions, create accounts based on business roles and the principle of least privilege. Assign read-only or read/write permissions as needed. To ensure that each database account can access only the data within its business scope, you can configure permissions with greater granularity. If an account does not require write permissions, assign only read-only permissions to that account.
To ensure database security, set a strong password for your database account and change it regularly.

Create an account

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Accounts.
On the page that appears, click Create Account.

Configure the following parameters.

Parameter	Description
Database Account	The username of the account. It must be 2 to 63 characters in length. It can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or a digit. It cannot be the same as the username of an existing account. It cannot start with pg. It cannot contain SQL keywords. For more information, see SQL Keywords.
Account Type	The type of the account. Two types of accounts are supported: privileged accounts and standard accounts. A privileged account has all operation permissions on all databases. Standard accounts have all operation permissions only on their authorized databases. Note The permitted operations include SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, and TRIGGER. To perform fine-grained account permission management, such as create an account that only has the read permission, see Manage permissions in an ApsaraDB RDS for PostgeSQL instance.
New Password	The password of the account. It must be 8 to 32 characters in length. It must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters. It can contain any of the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Confirm Password	The password of the account.
Description	The description of the account.

Click OK.

Create a database

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the navigation pane on the left, click Database Management.
Click Create Database.

Set the following parameters.

Parameter	Description
Database Name	The name can be up to 63 characters in length. The name can contain lowercase letters, digits, hyphens (-), and underscores (_). The name must start with a letter and end with a letter or a digit.
Supported Character Set	The character set of the database. Important The character set of an ApsaraDB RDS for PostgreSQL database cannot be changed after the database is created.
Collate	The string collation.
Ctype	The character classification.
Authorized Account	Specify the owner of the database. The owner has ALL permissions on the database.
Description	Enter remarks for the database.

Click Create.

After the database is created, you can view it on the Database Management page. 创建的账号

Parameter

Description

Concurrent connection limit

The maximum number of concurrent requests that can be executed in the database. By default, this parameter is not limited. You can also log on to the database using a privileged account and run the ALTER DATABASE <Database name> CONNECTION LIMIT <Number of concurrent connections>; command to modify the limit.

Tablespace

The tablespace to which the database belongs. The default value is pg_default. You cannot view or modify the path of the tablespace.

If you migrate a self-managed database to the cloud using a migration method such as Cloud Migration, the tablespace name is the same as that of the self-managed database. You can change the tablespace of the database and tables to pg_default.

FAQ

Can I use an account that is created on a primary instance on a read-only instance?

Yes, you can. Accounts created on a primary instance are synchronized to its read-only instances. You cannot manage accounts on read-only instances. These accounts have only read-only permissions on the read-only instances.

Related API operations

API operation	Description
Create a database account	Creates an account.