How to create GCP Cloud SQL IAM Users
The first answer here is a guide on how to create a Cloud SQL IAM user for your Google Platform Cloud SQL instance.
Here is a guide on how to connect after you've created the user.
Solution
- Click on "Edit" on your instance on the upper tool bar. Go down to "Flags" and set "cloudsql.iam_authentication" to "on"
- Go to "Users" tab on the left navigation pane > Click on "Add User Account"
- Use the person's GCP email address in the principal field. Anyone can create this account but only IAM Editors can change IAM privileges. IAM privileges affect GCP objects, not the database objects. There is no need to set IAM privileges to connect to the database.
- Connect to the database using the instance IP address and
postgresuser. Using this user we can assign privileges. IAM users are created with zero privileges to database objects.
grant connect on database database_name to "username@email.com";
-- Grant usage on current objects in a schema
grant all on SCHEMA schema_name to "username@email.com";
grant all on all TABLES in SCHEMA schema_name to "username@email.com";
grant all on all FUNCTIONS IN SCHEMA schema_name to "username@email.com";
grant all on all PROCEDURES IN SCHEMA schema_name to "username@email.com";
grant all on all ROUTINES IN SCHEMA schema_name to "username@email.com";
grant all on all SEQUENCES IN SCHEMA schema_name to "username@email.com";
-- Grant usage of any newly created objects in the future
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON FUNCTIONS TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON ROUTINES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON SEQUENCES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON TABLES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON types TO "username@email.com";
- Test permissions for the user by changing sessions
set session authorization "username@email.com";
- Reset back
reset session authorization;
- Get the first date of an ISO 8601 year and week
- How to create GCP Cloud SQL IAM Users
- Query on JSON object keys in ActiveRecord/Postgresql
- How to install postgresql in my docker image?
- PostgreSQL in Docker - access from host
- PostgreSQL – waiting for checkpoint to complete
- Postgres aggregate is slower than just fetching and aggregating on python min
- How can I change a PostgreSQL user password?
- RDS while connection error: no pg_hba.conf entry for host
- An exception has been raised that is likely due to a transient failure - connect local PostgreSQL to Docker container
- How do you safely insert a variable into an array with postgresql and nodejs?
- Postgres where clause compare timestamp
- Docker - Postgres and pgAdmin 4 : Connection refused
- PostgreSQL error: Fatal: role "username" does not exist
- Why does PostgreSQL's \dt show only public schema tables?
- PostgreSQL ERROR: cannot accumulate arrays of different dimensionality
- How to manage the wals dir on a PostgreSQL replication server?
- Easier way to update data with node-postgres?
- How to divide two NUMERIC values and get a result that has the maximum number of digits the NUMERIC type supports?
- PostgreSQL copy row minus a few columns
- Loading json data from a file into Postgres
- How to add constraint if not exists
- Postgres Postgis ST_DWithin query is not accurate
- Prevent jobs on the cluster from running on production code during deployment
- Is there a way to prevent ROW_NUMBER's ORDER BY from having to repeat the same thing?
- How to map column with type BIT(24) in PostgreSQL with Hibernate
- Cannot install "psycopg2" on Windows 10 with Python 3.8
- PostgreSQL delimiter to separate multiple queries in queries file
- I get this error - ImportError: DLL load failed while importing _psycopg: The specified module could not be found. what can I do about it?
- PostgreSQL: FOREIGN KEY/ON DELETE CASCADE