Reputation: 303
MySQL 8.0 on Google Cloud SQL: How to set per-database permissions
I have a MySQL 8.0 database on Google Cloud SQL. I have two applications accessing two different databases on the same MySQL instance. I'm trying to set up access control so that each application has its own user and that user has access only to one of the databases. However, when I create a new user using the Cloud SQL interface, that user has access to all of the databases on the MySQL instance.
Google documentation gives the following information:
In MySQL 8.0 for Cloud SQL, when you create a new user, the user is automatically granted the
cloudsqlsuperuserrole. Thecloudsqlsuperuserrole is a Cloud SQL role that contains a number of MySQL privileges. This role gives the user all of the MySQL static privileges, except for SUPER and FILE.
Is it possible to remove this cloudsqlsuperuser role from the user and give the user access to the databases individually? And how is this done?
Upvotes: 2
Views: 1993
Answers (1)
Reputation: 75810
If you use the Cloud SQL API, you will add user at the Cloud SQL level (as the root user, the superuser role).
If you want to manage users and permission inside the database, you must log into the database (using a superuser account) and create your user in the database and grant them inside the database. You can't do that outside (by API call, terraform or something else).
And yes, it's boring for the automation.
Upvotes: 4
Related Questions
- How to fix mysql access denied on google-cloud-platform compute instance
- How to revoke and grant permissions to a user with GCP's new managed MySQL 8.0
- How to restrict the root MySQL system user to a single host in GCP Cloud SQL?
- How do I prevent a user from seeing a list of databases and tables in MySQL?
- grant all in Google Cloud SQL
- Access to mysql directory in Google Cloud SQL
- Limit db user permission on google cloud sql
- Google cloud service account permissions to CloudSQL
- Grant Users on Google CloudSQL
- google cloud sql permission