Set up Database Center

You can grant IAM permissions for an entire Google Cloud project to a principal on the IAM page of the Google Cloud console. Principals are users, groups, domains, or service accounts. For more information on principals, see Principals. Adding permissions at the project level grants the IAM permissions to a principal for all the instances, clusters, or databases in the project.

To use Database Center, you need to grant specific Identity and Access Management permissions to your principals. Permission levels determine the resources that Database Center principals can view. Permissions can be granted at the organization, folder, or project level. To let principals access all resources for your organization, we recommend that you grant organization-level permissions.

For more information about how IAM works at Google Cloud, see IAM documentation.

The following permission are available for the Database Center:

  • roles/databasecenter.viewer: grants view access to all instances in the Google Cloud project for which Database Center is enabled.
  • roles/recommender.viewer: grants view access to recommender-related health issues in the Google Cloud project for which Database Center is enabled. This permission is optional.

Additional IAM privileges might be required for recommendations related to Gemini in Databases or Security Command Center. For more information, see Enable Gemini in Databases or Enable Security Command Center.

Grant IAM permissions

Verify that you can add permissions

Before you attempt to apply project-level permissions, check that you have sufficient permissions to apply roles to another account. You need either the Owner or Admin role for the project you're trying to grant permissions for.

To confirm your permissions, complete the following steps:

  1. Go to your project's IAM page.

    Go to the IAM page

  2. Select the View by Principals option.

  3. Find your account in the list. If your account is listed as Owner or Admin in the Role column, you have sufficient permissions.

If you don't have sufficient permissions at the project level, ask the project's owner to grant you additional permissions.

Grant roles to new users

To grant a role to a user, complete the following steps:

  1. Go to your project's IAM page.

    Go to the IAM page

  2. Select the View by Principals option.

  3. Click GRANT ACCESS.

  4. In the Grant access window, complete the following:

    1. Confirm the Resource name.

    2. In the Add principals section, add the new principal that you'd like to grant permissions to in the New principals field. You can add one principal or multiple principals.

    3. In the Assign roles section, select the role you want to grant to the new principal(s) from the drop-down.

      To grant additional roles, click ADD ANOTHER ROLE.

    4. Click Save to grant roles to your selected principals.

Modify roles of existing principals

To add or remove roles to an existing principal in your project, complete the following steps:

  1. Go to your project's IAM page.

    Go to the IAM page

  2. Select the View by Principals option.

  3. Find the principal you want to update in the list and click Edit.

  4. In the Edit access window, you can either add new roles or delete existing roles.

    To add a new role, click Add another role, then select the role from the drop-down.

    To delete an existing role, press Delete next to the role you want to delete.

  5. Click Save to update roles.

Remove access for existing principals

To remove access for an existing principal, complete the following steps:

  1. Go to your project's IAM page.

    Go to the IAM page

  2. Select the View by Principals option.

  3. Find the principal you want to remove in the list and select the checkbox next to the name. To remove access for multiple principals, select the checkboxes for all principals you want to remove.

  4. Click REMOVE ACCESS.

  5. In the Remove principal window, click Confirm to remove access for the selected principals.

Enable Gemini in Databases

You can use Gemini in Databases to track health issues in Database Center, and Gemini chat to learn more about your database fleet and inventory. For more information about Gemini in Databases, see Gemini in Databases overview.

Gemini in Databases is enabled at the billing account level. To enable Gemini in Databases, complete the following:

  1. Grant the roles/billing.admin IAM role.

  2. Complete all the steps in Set up Gemini in Databases.

Enable Security Command Center

To track security-related health issues in Database Center, you need to activate Security Command Center (SCC). Security Command Center offers Standard and Premium tiers. To gain access to basic security issues, enable Security Command Center Standard. To gain access to all health issues supported by Security Command Center, enable Security Command Center Premium.

For more information about Security Command Center tiers and pricing, see Security Command Center pricing.

For more information about the security issues supported in Database Center, see Security issues supported by Security Command Center pricing tiers.

Once you have selected your preferred tier, Activate Security Command Center to use with Database Center.

What's next