Console
    Start free

    MCP Tools Reference: cloud-sql

    Tool: list_users

    List all database users for a Cloud SQL instance.

    The following sample demonstrate how to use curl to invoke the list_users MCP tool.

    Curl Request 
      
curl  
--location  
 'https://sqladmin.googleapis.com/mcp' 
  
 \ 
--header  
 'content-type: application/json' 
  
 \ 
--header  
 'accept: application/json, text/event-stream' 
  
 \ 
--data  
 '{ 
 "method": "tools/call", 
 "params": { 
 "name": "list_users", 
 "arguments": { 
 // provide these details according to the tool' 
s  
MCP  
specification  
 } 
  
 } 
,  
 "jsonrpc" 
:  
 "2.0" 
,  
 "id" 
:  
 1 
 } 
 '

    Input Schema

    SqlUsersListRequest

    JSON representation 
     { 
 "instance" 
 : 
 string 
 , 
 "project" 
 : 
 string 
 }
    Fields
    instance

    string

    Database instance ID. This does not include the project ID.
    project

    string

    Project ID of the project that contains the instance.

    Output Schema

    User list response.

    UsersListResponse

    JSON representation 
     { 
 "kind" 
 : 
 string 
 , 
 "items" 
 : 
 [ 
 { 
 object (  User 
 
) 
 } 
 ] 
 , 
 "nextPageToken" 
 : 
 string 
 }
    Fields
    kind

    string

    This is always sql#usersList .
    items[]

    object ( User )

    List of user resources in the instance.
    nextPageToken
    (deprecated)

    string

    Unused.

    User

    JSON representation 
     { 
 "kind" 
 : 
 string 
 , 
 "password" 
 : 
 string 
 , 
 "etag" 
 : 
 string 
 , 
 "name" 
 : 
 string 
 , 
 "host" 
 : 
 string 
 , 
 "instance" 
 : 
 string 
 , 
 "project" 
 : 
 string 
 , 
 "type" 
 : 
 enum ( SqlUserType 
) 
 , 
 "iamEmail" 
 : 
 string 
 , 
 "passwordPolicy" 
 : 
 { 
 object (  UserPasswordValidationPolicy 
 
) 
 } 
 , 
 "databaseRoles" 
 : 
 [ 
 string 
 ] 
 , 
 // Union field user_details 
can be only one of the following: 
 "sqlserverUserDetails" 
 : 
 { 
 object (  SqlServerUserDetails 
 
) 
 } 
 // End of list of possible types for union field user_details 
. 
 // Union field _dual_password_type 
can be only one of the following: 
 "dualPasswordType" 
 : 
 enum ( DualPasswordType 
) 
 // End of list of possible types for union field _dual_password_type 
. 
 // Union field _iam_status 
can be only one of the following: 
 "iamStatus" 
 : 
 enum ( IamStatus 
) 
 // End of list of possible types for union field _iam_status 
. 
 }
    Fields
    kind

    string

    This is always sql#user .

    password

    string

    The password for the user.

    etag

    string

    This field is deprecated and will be removed from a future version of the API.

    name

    string

    The name of the user in the Cloud SQL instance. Can be omitted for update because it is already specified in the URL.

    host

    string

    Optional. The host from which the user can connect. For insert operations, host defaults to an empty string. For update operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.

    instance

    string

    The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for update because it is already specified on the URL.

    project

    string

    The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for update because it is already specified on the URL.

    type

    enum ( SqlUserType )

    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type.

    iamEmail

    string

    Optional. The full email for an IAM user. For normal database users, this will not be filled. Only applicable to MySQL database users.

    passwordPolicy

    object ( UserPasswordValidationPolicy )

    User level password validation policy.

    databaseRoles[]

    string

    Optional. Role memberships of the user

    Union field user_details . User details for specific database type user_details can be only one of the following:
    sqlserverUserDetails

    object ( SqlServerUserDetails )

    Union field _dual_password_type .

    _dual_password_type can be only one of the following:

    dualPasswordType

    enum ( DualPasswordType )

    Dual password status for the user.

    Union field _iam_status .

    _iam_status can be only one of the following:

    iamStatus

    enum ( IamStatus )

    Indicates if a group is active or inactive for IAM database authentication.

    SqlServerUserDetails

    JSON representation 
     { 
 "disabled" 
 : 
 boolean 
 , 
 "serverRoles" 
 : 
 [ 
 string 
 ] 
 }
    Fields
    disabled

    boolean

    If the user has been disabled
    serverRoles[]

    string

    The server roles for this user

    UserPasswordValidationPolicy

    JSON representation 
     { 
 "allowedFailedAttempts" 
 : 
 integer 
 , 
 "passwordExpirationDuration" 
 : 
 string 
 , 
 "enableFailedAttemptsCheck" 
 : 
 boolean 
 , 
 "status" 
 : 
 { 
 object (  PasswordStatus 
 
) 
 } 
 , 
 "enablePasswordVerification" 
 : 
 boolean 
 }
    Fields
    allowedFailedAttempts

    integer

    Number of failed login attempts allowed before user get locked.
    passwordExpirationDuration

    string ( Duration format)

    Expiration duration after password is updated.

    A duration in seconds with up to nine fractional digits, ending with ' s '. Example: "3.5s" .
    enableFailedAttemptsCheck

    boolean

    If true, failed login attempts check will be enabled.
    status

    object ( PasswordStatus )

    Output only. Read-only password status.
    enablePasswordVerification

    boolean

    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.

    Duration

    JSON representation 
     { 
 "seconds" 
 : 
 string 
 , 
 "nanos" 
 : 
 integer 
 }
    Fields
    seconds

    string ( int64 format)

    Signed seconds of the span of time. Must be from -315,576,000,000 to +315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
    nanos

    integer

    Signed fractions of a second at nanosecond resolution of the span of time. Durations less than one second are represented with a 0 seconds field and a positive or negative nanos field. For durations of one second or more, a non-zero value for the nanos field must be of the same sign as the seconds field. Must be from -999,999,999 to +999,999,999 inclusive.

    PasswordStatus

    JSON representation 
     { 
 "locked" 
 : 
 boolean 
 , 
 "passwordExpirationTime" 
 : 
 string 
 }
    Fields
    locked

    boolean

    If true, user does not have login privileges.
    passwordExpirationTime

    string ( Timestamp format)

    The expiration time of the current password.

    Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .

    Timestamp

    JSON representation 
     { 
 "seconds" 
 : 
 string 
 , 
 "nanos" 
 : 
 integer 
 }
    Fields
    seconds

    string ( int64 format)

    Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be between -62135596800 and 253402300799 inclusive (which corresponds to 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z).
    nanos

    integer

    Non-negative fractions of a second at nanosecond resolution. This field is the nanosecond portion of the duration, not an alternative to seconds. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be between 0 and 999,999,999 inclusive.

    Tool Annotations

    Destructive Hint: ❌ | Idempotent Hint: ❌ | Read Only Hint: ✅ | Open World Hint: ❌
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: