Reputation: 15746
Google Cloud SQL shared or individual database user accounts when using cloud-sql-proxy
Since the cloud-sql-proxy already forces individual user authentication with the database through a users iam account, and allows specifying read / write permissions, it seems potentially pointless to also have an individual database accounts for each user as well.
For security, is it necessary to have a database user per dev when using cloud-sql-proxy, or is it fine to just have one database user, since they are already authenticated by the time they can enter a database user / password anyways. I'm not a server dev or a DBA, so I thought it best to ask.
Upvotes: 0
Views: 743
Answers (1)
Reputation: 75715
In fact, you have 2 levels of permissions
- Cloud IAM allows you to access to Cloud SQL product or not
- Database user management allows to log into the db engine and to get the db engine permission (access to a specific schema, one schema per developer, on the same SQL instance for instance).
The hosted database engine are based on MySQL, PostgreSQL or SQL Server. All those databases have their legacy user authentication in place. You have to deal with.
Upvotes: 1
Related Questions
- Connecting to Cloud SQL from Cloud Run via cloud-sql-proxy with IAM login enabled
- GCP: Connection to Cloud SQL
- how to connect the Cloud SQL Auth proxy to connect to two same Cloud SQL instances
- Google AppEngine(Flex) + Cloud SQL Auth Proxy — use different accounts for deploy and access Cloud SQL
- Connecting to multiple CloudSQL instances using Cloud sql proxy?
- Cloud SQL Proxy - Message: Insufficient Permission
- How to use Cloud SQL Proxy with a regular user account?
- Give proxy SQL access to Google Colaboratory
- Cloud SQL proxy cannot connect to a database using a second service account with same permissions
- How to use Service Account to authenticate with Google Cloud SQL Java