--- Title: Manage accounts URL Source: https://company-skill.com/p/rds/rds-manage-accounts Language: en Description: You need to create, modify, or delete database accounts on ApsaraDB RDS and assign specific privileges (e.g., read, write, DDL) to those accounts. You may also want to configure authentication… --- # Manage accounts Part of **ApsaraDB RDS**. Route queries via `POST https://company-skill.com/api/route`. ## What You Want to Do You need to create, modify, or delete database accounts on ApsaraDB RDS and assign specific privileges (e.g., read, write, DDL) to those accounts. You may also want to configure authentication methods beyond standard username/password—especially for RDS Supabase instances. **Typical User Questions**: - How do I create a database account? - Can I manage accounts via API? - How to grant specific privileges to users? - How do I configure third-party authentication? ## Decision Tree Pick the best path for your situation: - **If** you need to automate account creation, perform batch operations, or integrate with an external identity system → Use API (go to *rds/rds-account*) - **If** you are configuring third-party authentication (Alipay, GitHub, email, SMS) for **Supabase instances** → Use (go to *rds/rds-account*) - **If** you require visual confirmation of account status or lack programming resources → Use (go to *rds/rds-account*) - **Otherwise (default)** → Start with **** for one-off tasks, as it requires no code and provides immediate feedback via the UI. ## Path Comparison | Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill | |------|----------|------------|---------------|------------|----------|-------------| | API | medium | Yes | Yes | Uses Bearer Token authentication; each call is billed even on client error (4xx) | `rds/api/rds-account` | | Console / Dashboard | low | No | No | Includes Authentication configuration page with Email provider button, SMS Webhook tab, and GitHub provider toggle for Supabase instances | `rds/guide/rds-account` | ## Path Details ### Path 1: API **Brief Description**: The ApsaraDB RDS Account Management API is a synchronous HTTP service that lets you manage database accounts and permissions via REST requests using **Bearer Token** authentication. It supports programmatic operations like creating accounts, modifying descriptions, and locking users—ideal for integration into CI/CD pipelines or identity platforms. **Key technical facts**: - Billing: Per-request billing regardless of success or failure; some operations have free tier quotas (e.g., 1000 free calls/month for ModifyAccountDescription) - Auth method: Bearer Token authentication with Alibaba Cloud API key via Authorization header **When to Use**: - Need to automate account lifecycle management via scripts or CI/CD pipelines - Require batch creation of multiple accounts with consistent permission policies - Integrating RDS account management into external identity management systems - Need to programmatically lock/unlock accounts based on security events **When NOT to Use**: - Performing one-off interactive account configuration tasks - Setting up third-party authentication methods like Alipay, GitHub, email, or SMS - Lacking programming resources or API credentials for automation - Prefer visual confirmation of account status and permissions through UI **Known Limitations**: - Rate limited to 100 QPS per account for general operations and 10 requests per second for service account operations - Each API call counts as billable even if it fails due to client error (4xx) - Account names have engine-specific constraints: 2–32 chars for MySQL, 2–64 for SQL Server, 2–63 for PostgreSQL cloud disk - Passwords must be 8–32 characters containing at least three of: uppercase, lowercase, digits, special chars (!@#$%^&*()_+-=) ### Path 2: Console / Dashboard **Brief Description**: The ApsaraDB RDS Console provides a guided UI experience via the **Account Management tab**, where you can click the **Create Account button** and **Edit Permissions button** to manage users. For **Supabase instances**, it includes an **Authentication configuration page** with dedicated controls like the **Email provider button**, **SMS Webhook tab**, and **GitHub provider toggle** to enable third-party login. **Key technical facts**: - Billing: Account management operations are included in RDS instance billing with no additional charges; third-party authentication uses underlying services (e.g., Alibaba Cloud SMS billed per message) - Auth method: Console SSO **When to Use**: - Performing interactive, one-time account creation and permission assignment - Configuring third-party authentication methods (Alipay, GitHub, email, SMS) for RDS Supabase applications - Visually verifying account status and permissions through UI elements - Lacking programming expertise or API credentials for automation **When NOT to Use**: - Need to manage large numbers of accounts programmatically - Require integration with external identity management systems - Need consistent, repeatable account provisioning across environments - Prefer scriptable, auditable account management workflows **Known Limitations**: - Cannot automate account management tasks without manual UI interaction - Account name limited to 1-16 characters in console (vs. longer limits via API depending on engine) - Third-party authentication setup requires multiple manual steps across different consoles (Alipay Open Platform, GitHub Developer Settings, etc.) - Instance automatically restarts after changing authentication settings, causing temporary downtime ## FAQ Q: Which path should I start with? A: If you're performing a one-time task or setting up third-party login for a Supabase app, start with the console. If you're building infrastructure-as-code or managing dozens of accounts, start with the API. Q: What if I need to configure GitHub login for my Supabase instance but used the API path? A: You’ll hit a dead end—the API does **not** support third-party authentication setup. Only the console’s **GitHub provider toggle** on the **Authentication configuration page** enables this for **Supabase instances**. Q: What if I try to create 50 database accounts manually using the console? A: You’ll face significant manual effort and risk inconsistency. The console lacks batch operations, while the API can loop through accounts with consistent policies and audit logs. Q: Can I use the console to manage accounts if my RDS instance isn’t running? A: No—both paths require the RDS instance to be in **Running state**, as noted in prerequisites for both fact cards. Q: Does the API support longer account names than the console? A: Yes—for example, PostgreSQL allows up to 63 characters via API, but the console restricts names to 1–16 characters regardless of engine. Q: Will changing authentication settings in the console cause downtime? A: Yes—the instance automatically restarts after modifying authentication settings, causing temporary unavailability. Plan accordingly. Q: Are failed API calls still billed? A: Yes—per-request billing applies even for client errors (4xx), so validate inputs before calling to avoid unnecessary charges. ## Related queries manage database accounts, create database user, assign db privileges, grant database permissions, reset db password, configure db authentication, how to create RDS account, can I manage RDS users via API, set up third-party auth for RDS, RDS console account management, automate RDS user provisioning --- Part of [ApsaraDB RDS](https://company-skill.com/p/rds.md) · https://company-skill.com/llms.txt