Create and manage accounts|OceanBase Cloud| docs|Distributed Database

Create and manage accounts

Last Updated：2025-08-13 08:35:26 Updated

This topic describes how to create accounts in a tenant and manage the privileges of the accounts in different databases of the tenant.

Background information

Before you connect to a database, you need to create an account with the privilege to connect to the database. Different account types have different privileges. You can use an account with database operation privileges to log in to the database. In an instance, you can associate an account with multiple databases.

Prerequisites

Before you create an account, check whether the following condition is met:

The instance is not being created, deleted, or has been deleted.

Create an account

You can create an account by using one of the following three methods:

Method 1: Log in to the OceanBase Cloud console. On the instance overview page, click Manage Access in the left-side navigation pane, and then click Create Account in the upper-right corner.
Method 2: Log in to the OceanBase Cloud console. On the instance overview page, click Create Account in the upper-right corner.
Method 3: Log in to the OceanBase Cloud console. On the instance list page, click ... > Create Account in the Actions column of the target instance.

The following example describes how to create an account by using Method 1:

Log in to the OceanBase Cloud console.
On the instance list page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.

In the upper-right corner, click Create Account. Specify the following parameters based on your needs.

create account01

Parameter	Description
Account Name	Set the name of the account. The account name must start with a lowercase letter, be 2 to 32 characters long, and can contain uppercase letters, lowercase letters, hyphens, underscores, and numbers. It cannot contain any of the following reserved keywords (including corresponding lowercase keywords): SYS, OCEANBASE, ROOT, OPERATOR, LBACSYS, ORAAUDITOR, OBMIGRATE, OMC, IDB_DDL, ODC_RND, ODC_DDL, and DWEXP.
Account Type	You can create a regular account, a super account, or a read-only account. A regular account has the privileges to run DML and DDL statements in the database. For more information, see Account privileges. A super account has the read and write privileges on all databases by default. A read-only account has the read privileges on all databases by default. DML statements are used to query or operate data in existing schema objects. DDL statements are used to define, modify, and delete schema objects. For more information, see SQL statement overview.
Grant Database Privileges	You can authorize an unauthorized account. The privileges include: custom, read-only, read/write, DDL-only, and DML-only. In MySQL compatible mode, the account can be granted the following privileges on the database: Custom: ALTER, CREATE, DELETE, DROP, INSERT, SELECT, UPDATE, INDEX, CREATE VIEW, and SHOW VIEW. Multiple privileges can be selected. Read-only: CREATE SESSION, SELECT, and SHOW VIEW. Read/write: ALL PRIVILEGES except GRANT OPTION. DDL-only: CREATE, DROP, ALTER, SHOW VIEW, and CREATE VIEW. DML-only: SELECT, INSERT, UPDATE, DELETE, SHOW VIEW, and PROCESS.
Password	The password policy depends on the database version. The current password policy is as follows. In MySQL compatible mode: For databases earlier than V4.2.1: The password must be 10 to 32 characters long and must contain uppercase letters, lowercase letters, numbers, and special characters. For databases V4.2.1 and later: The password must be 8 to 64 characters long. You can customize the password policy. For more information, see Set a password policy. In Oracle compatible mode: The password must be 10 to 32 characters long and must contain uppercase letters, lowercase letters, numbers, and special characters. Special characters are `~!@#$%^&*_-+=\|(){}[]:;,.?/`.
Randomly Generate	Click this button to generate a random password. After the password is generated, copy it and keep it properly.
Remarks (optional)	The remarks cannot exceed 30 characters.

Click Create. After the account is created, you can view the account name, account type, associated database, status, and remarks on the account list page.

Lock an account

Log in to the OceanBase Cloud console.
On the instance list page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
Click the icon in the Actions column of the target account and select Lock.
In the dialog box that appears, click Lock. After the account is locked, it cannot be logged in to.

Reset a password

Log in to the OceanBase Cloud console.
On the Instances page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
Click the icon in the Actions column of the target account and select Reset Password.
In the dialog box that appears, enter and confirm the new password, and then click OK.

Edit remarks

Log in to the OceanBase Cloud console.
On the Instances page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
Click the icon in the Actions column of the target account and select Edit Remarks.
In the dialog box that appears, edit the remarks and click OK.

Update privileges

Log in to the OceanBase Cloud console.
On the Instances page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
Click the icon in the Actions column of the target account and select Update Privilege.
In the dialog box that appears, modify the privileges and click Modify.

Delete an account

Log in to the OceanBase Cloud console.
On the Instances page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
Click the icon in the Actions column of the target account and select Delete.
Enter delete and click Delete. Note that the account cannot be recovered after it is deleted.

Set a password policy

Note

The password policy feature is supported in OceanBase Database V4.2.1 and later.

Log in to the OceanBase Cloud console.
On the Instances page, click the name of the target instance to go to the instance overview page.
In the left-side navigation pane, click Manage Access to go to the accounts page.
In the upper-right corner of the page, click Set Password Policy.

On the Set Password Policy page, set the following parameters.

Parameter	Description
Minimum Length	The minimum length of an account password. The default value is 8. The minimum password length must be greater than or equal to the sum of the minimum number of uppercase and lowercase characters * 2, digits, and special characters.
Minimum Uppercase and Lowercase Letters	The minimum number of uppercase and lowercase English characters in an account password. The default value is 2, which indicates that the password must contain at least two uppercase letters and two lowercase letters.
Minimum Digits	The minimum number of digits in an account password. The default value is 2.
Minimum Special Characters	The minimum number of special characters in an account password. The default value is 2.
Account Name Detection	If enabled, the password must not contain the account name.
Lockout upon Consecutive Login Failures	If enabled, you can set Threshold and Lockout Duration. If the number of consecutive logon failures exceeds the threshold, the system locks the account for the specified duration.

Click OK to save the password policy. After the policy is saved, new passwords created or modified must comply with the new policy, and existing passwords are not affected.