How to manage OceanBase database accounts-ApsaraDB for OceanBase (Deprecated)(OceanBase)-阿里云帮助中心

This topic describes how to manage database accounts. On the Account Management page, you can view basic account information and perform operations such as locking an account, modifying permissions, changing a password, and deleting an account.

Background information

You can set database permissions for an account using the command line or the OceanBase console. For more information about setting database permissions using the command line, see GRANT.

For MySQL tenants, account permissions set using the command line are synchronized to and displayed in the ApsaraDB for OceanBase console. You can also modify the permissions of accounts created using the command line in the console.
For Oracle tenants, the ApsaraDB for OceanBase console does not support synchronizing or displaying account permissions set using the command line.

Log on to the management console

Log on to the OceanBase console .
In the navigation pane on the left, click Instance List.
In the instance list, find the destination cluster instance and click the instance name to open the Cluster Instance Workbench page.
In the navigation pane on the left, click Tenant Management. In the tenant list, click the name of the destination tenant to open the Tenant Workbench page.

In the navigation pane on the left, click Account Management.

For MySQL tenant accounts, you can view information such as Account Name, Account Type, Associated Databases, Connection String (for private network access), Status, and Remarks. You can also perform operations such as Lock, Modify Permissions and Password, and Delete. After an account is locked, you cannot modify it.
Note
- If the permissions for the black screen and the ApsaraDB OceanBase console are identical, the console permissions take precedence.
- If the permissions set using the command line differ from those set in the ApsaraDB for OceanBase console, hover the mouse pointer over the Associated Databases column. A tooltip appears, displaying "Custom" and the specific permissions set using the command line.
For Oracle tenant accounts, you can view information such as Account Name, Account Type, Accessible objects of other accounts, Connection String (this is a private network connection string), Status, and Remarks. You can also perform operations such as Lock, Modify Password, Manage Access to Objects, and Delete. After an account is locked, you cannot modify it.

Parameter	Description
Account Name	The name of the account set when the account was created.
Account Type	The type of the account selected when the account was created.
Associated Databases	This parameter is available only for accounts of MySQL tenants. A super account is associated with all databases by default and has read and write permissions on all databases. A standard account is associated with the databases that were granted to it when the account was created. It can perform the corresponding authorized operations on those databases. You can also modify the associated databases and their permissions by modifying the account's permissions. A read-only account is associated with all databases by default and has read-only permissions on all databases.
Accessible objects of other accounts	This parameter is available only for accounts of Oracle tenants. A super account can access all objects under all accounts. A standard account cannot access objects of other accounts by default. You can add read-only or read and write permissions on objects of other accounts by managing access to objects.
Connection String	A string used to establish a connection between an application and an OceanBase database. This lets you perform various database operations, such as querying, inserting, and updating data.
Remarks	The remarks can be up to 30 characters long. Click the edit icon to modify the remarks.
Operations	Lock: After an account is locked, it cannot be used to access the associated databases, and no changes can be made to the account. Modify Password: Modifies the account password. Modify Permissions: This operation is available only for standard accounts of MySQL tenants. You can add or delete associated databases or modify the operation permissions on the associated databases. Manage Access to Objects: This operation is available only for standard accounts of Oracle tenants. You can add read-only or read and write permissions on objects of other accounts. Delete: Deletes the account. All data under the account is deleted along with the account.

Modify an account password

On the Account Management page, find the destination account and click Modify Password in the Operations column.
In the pop-up window, enter a new password and click OK.

Modify account permissions

Modify permissions for a standard account of a MySQL tenant

On the Account Management page, find the destination account and click Modify Permissions in the Operations column.
In the pop-up window, modify the permissions of the standard account for its associated databases. For more information about permissions, see Account permission list.

Note

If you reset the database permissions for an account in the OceanBase console, the original custom permissions set using the command line are overwritten.
Suppose an account has a specific permission, such as read and write permission. If you are logged on to a database with this account and then change its permission to read-only in the console, the new permission takes effect only after you reconnect to the database.

Modify permissions for a standard account of an Oracle tenant

On the Account Management page, find the destination account and click Manage Access to Objects in the Operations column.
In the pop-up window, click Add Object. You can then grant the standard account read-only or read and write permission on the tables that the account needs to access.