Required permissions for common tasks in the Google Cloud console
For a list of roles and their associated permissions, see Cloud SQL roles.
Task | Required additional permissions |
---|---|
Displaying the instance listing page | cloudsql.instances.list, resourcemanager.projects.get |
Creating an instance | cloudsql.instances.create, cloudsql.instances.get, cloudsql.instances.list, resourcemanager.projects.get |
Connecting to an instance from the Cloud Shell | cloudsql.instances.get, cloudsql.instances.list, cloudsql.instances.update, resourcemanager.projects.get |
Creating a user | cloudsql.instances.get, cloudsql.instances.list, cloudsql.users.create, cloudsql.users.list, resourcemanager.projects.get |
Viewing instance information | cloudsql.databases.list, cloudsql.instances.get, cloudsql.instances.list, cloudsql.users.list, monitoring.timeSeries.list, resourcemanager.projects.get |
Viewing instance metadata in Dataplex Catalog | cloudsql.schemas.view |
Required permissions for gcloud sql commands
Command | Required permissions |
---|---|
gcloud sql backups create | cloudsql.backupRuns.create |
gcloud sql backups delete | cloudsql.backupRuns.delete |
gcloud sql backups describe | cloudsql.backupRuns.get |
gcloud sql backups list | cloudsql.backupRuns.list |
gcloud sql backups restore | cloudsql.backupRuns.get, cloudsql.instances.restoreBackup |
gcloud sql connect | cloudsql.instances.get, cloudsql.instances.update |
gcloud sql databases create | cloudsql.databases.create |
gcloud sql databases delete | cloudsql.databases.delete |
gcloud sql databases describe | cloudsql.databases.get |
gcloud sql databases list | cloudsql.databases.list |
gcloud sql databases patch | cloudsql.databases.get, cloudsql.databases.update |
gcloud sql export | cloudsql.instances.export, cloudsql.instances.get |
gcloud sql flags list | None |
gcloud sql import | cloudsql.instances.import |
gcloud sql instances clone | cloudsql.instances.clone |
gcloud sql instances create | cloudsql.instances.create |
gcloud sql instances delete | cloudsql.instances.delete |
gcloud sql instances describe | cloudsql.instances.get |
gcloud sql instances failover | cloudsql.instances.failover |
gcloud sql instances import | cloudsql.instances.import |
gcloud sql instances list | cloudsql.instances.list |
gcloud sql instances patch | cloudsql.instances.get, cloudsql.instances.update |
gcloud sql instances promote-replica | cloudsql.instances.promoteReplica |
gcloud sql instances reset-ssl-config | cloudsql.instances.resetSslConfig |
gcloud sql instances restart | cloudsql.instances.restart |
gcloud sql instances restore-backup | cloudsql.backupRuns.get, cloudsql.instances.restoreBackup |
gcloud sql operations describe | cloudsql.instances.get |
gcloud sql operations list | cloudsql.instances.get |
gcloud sql operations wait | cloudsql.instances.get |
gcloud sql ssl client-certs create | cloudsql.sslCerts.create |
gcloud sql ssl client-certs delete | cloudsql.sslCerts.delete |
gcloud sql ssl client-certs describe | cloudsql.sslCerts.list |
gcloud sql ssl client-certs list | cloudsql.sslCerts.list |
gcloud sql tiers list | None |
gcloud sql users create | cloudsql.users.create |
gcloud sql users delete | cloudsql.users.delete |
gcloud sql users list | cloudsql.users.list |
gcloud sql users set-password | cloudsql.users.update |
Required permissions for Cloud SQL Admin API methods
The following table lists the permissions that the caller must have to call each method in the Cloud SQL Admin API, or to perform tasks using Google Cloud tools that use the API (such as the Google Cloud console or the gcloud command line tool).
For more information, see Authorizing requests with OAuth 2.0. All permissions are applied to the project. You cannot apply different permissions based on the instance or other lower-level object.
Method | Required permissions |
---|---|
backupRuns.delete | cloudsql.backupRuns.delete |
backupRuns.get | cloudsql.backupRuns.get |
backupRuns.insert | cloudsql.backupRuns.create |
backupRuns.list | cloudsql.backupRuns.list |
databases.delete | cloudsql.databases.delete |
databases.get | cloudsql.databases.get |
databases.insert | cloudsql.databases.create |
databases.list | cloudsql.databases.list |
databases.patch | cloudsql.databases.update, cloudsql.databases.get |
databases.update | cloudsql.databases.update |
flags.list | None |
instances.clone | cloudsql.instances.clone |
instances.delete | cloudsql.instances.delete |
instances.export | cloudsql.instances.export |
instances.failover | cloudsql.instances.failover |
instances.get | cloudsql.instances.get |
instances.import | cloudsql.instances.import |
instances.insert | cloudsql.instances.create |
instances.list | cloudsql.instances.list |
instances.patch | cloudsql.instances.get, cloudsql.instances.update |
instances.promoteReplica | cloudsql.instances.promoteReplica |
instances.resetSslConfig | cloudsql.instances.resetSslConfig |
instances.restart | cloudsql.instances.restart |
instances.restoreBackup | cloudsql.instances.restoreBackup, cloudsql.backupRuns.get |
instances.startReplica | cloudsql.instances.startReplica |
instances.stopReplica | cloudsql.instances.stopReplica |
instances.truncateLog | cloudsql.instances.truncateLog |
instances.update | cloudsql.instances.update |
operations.get | cloudsql.instances.get |
operations.list | cloudsql.instances.get |
sslCerts.delete | cloudsql.sslCerts.delete |
sslCerts.get | cloudsql.sslCerts.get |
sslCerts.insert | cloudsql.sslCerts.create |
sslCerts.list | cloudsql.sslCerts.list |
users.delete | cloudsql.users.delete |
users.insert | cloudsql.users.create |
users.list | cloudsql.users.list |
users.update | cloudsql.users.update |