I'm re-organizing the user structure in my Google Cloud PostgreSQL instance. Originally, we had a single user with broad access to everything. I'm now aiming for a more granular approach, where each user represents a specific service and has restricted access only to its own database (rwa).
The challenge I'm facing is that I would like to have a single "superuser-like" account with full access to all databases and tables, including automatic access to any newly created databases or tables. However, I understand that Cloud SQL doesn't allow the creation of actual superusers.
Given that limitation, what’s the closest I can get to a superuser in this environment? And more importantly, is this a reasonable and recommended approach?
The closest role to superuser access is the cloudsqlsuperuser role, which includes some superuser privileges and is typically granted automatically to users created on instances using Cloud SQL’s authentication method, as stated here in the documentation. Nonetheless, there is no other way to assign full superuser access within Cloud SQL, since it is a managed service that restricts access to certain system procedures and tables requiring advanced privileges.
However, you can also consider filing this as a feature request so that the Google Cloud SQL team can look into it. Please note that feature requests are not guaranteed and there is no ETA on them. And all further updates about this feature request will be communicated through this public issue tracker.