What Accounts Are Provided by Default for a TDSQL Boundless Instance? Can They Be Deleted?
The system provides four accounts by default. It is recommended not to delete them, as doing so may cause database issues.
|
root | % | Administrator account with all privileges. |
mysql.sys | localhost | Manage and access the built-in sys database. |
mysql.session | localhost | Access the server for internal plugins. |
mysql.infoschema | localhost | Manage and access the information_schema database. |
What Permissions Does the Preconfigured High-Privilege Account dbaadmin Have?
dbaadmin is a high-privilege account created by default. It has all database management permissions except SUPER and can be used for daily management of database instances.
Why Does a Newly Created Account Have No Permissions?
A newly created account has no permissions by default. To use it, you must first click Modify Permissions in the account list and grant the required database permissions. Does TDSQL Boundless Support the mysql_native_password Plugin? Can a Specific Password Authentication Plugin Be Specified When an Account Is Created?
Note:
Starting from MySQL 8.0.4, caching_sha2_password became the default authentication plugin for the MySQL server, replacing mysql_native_password, which had been the default. TDSQL Boundless is compatible with both authentication plugins, allowing selection based on business compatibility requirements.
mysql_native_password is based on the SHA1 algorithm without salting. If different users use the same password, they will get the same hash. This may reveal users' password usage patterns, posing a security risk. It remains compatible with the legacy authentication method used by the original MySQL 5.7 client.
caching_sha2_password is the default authentication plugin for MySQL server versions 8.0.4 and above. It uses the SHA-256 encryption algorithm and a caching mechanism, providing higher security.
TDSQL Boundless is compatible with the MySQL 8.0 protocol. Its account system supports both the caching_sha2_password and mysql_native_password authentication plugins, allowing you to explicitly specify an authentication plugin when a user is created.
SELECT user, host, plugin FROM mysql.user WHERE user = 'user_name';
CREATE USER 'username'@'%' IDENTIFIED WITH caching_sha2_password BY 'password';
CREATE USER 'username'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
ALTER USER 'username'@'%' IDENTIFIED WITH caching_sha2_password BY 'new_password';
How to Modify Account Permissions
Why Can't I Log In to the Database Management Tool DMC?
This issue may be caused by the business account you are using. To resolve it, log in to the TDSQL Boundless console, click the Instance ID, and navigate to the Instance Management > Account Management page. Confirm that the login account has been authorized for the client host address that needs to access the database. Then, set the host address to % or the specific client host address you want to authorize. You can also directly log in to the database management tool using a pre-configured high-privilege account.
If you confirm that the issue is not one of the above, your account password may be incorrect. Please re-enter your password or reset the password. What to Do If an Account Is Accidentally Deleted or the Password Is Forgotten
If you have accidentally deleted an account, you can log in to the TDSQL Boundless console, click the instance ID, and go to the Instance Management page. You can then create a new account by clicking Account Management > Create Account or by using an SQL statement. For details, see Creating Account. If you forget the administrator password, you can locate the corresponding account on the Account Management page to reset the password. For details, see Resetting Password. You can also perform these operations via the TencentCloud API. Does a TDSQL Boundless Authorized User Have No file Permission?
Currently, the shutdown and file permissions are not granted to pre-configured high-privilege users. Therefore, administrators cannot create users with all permissions. When permissions are granted, see the following commands:
grant SELECT,INSERT, UPDATE, DELETE, CREATE, DROP, ALTER on *.* to 'myuser'@'%' identified by 'mypasswd';
Does TDSQL Boundless Support Read-Only Accounts and Read-Only Nodes?
TDSQL Boundless does not currently support read-only accounts or read-only nodes. In its peer-to-peer node architecture, read and write requests can be distributed across different nodes, allowing for full utilization of each node's resources. For details on the TDSQL Boundless architecture, see Overview. We will add support for read-only nodes in later versions. Stay tuned.