This page describes how to do the following for Cloud SQL instances:
- Configure the default user account.
- Create, delete, and update other user accounts.
For information about how users work with Cloud SQL, see MySQL Users.
Before you begin
Before completing the tasks below, create a Cloud SQL instance. For more information, see Creating instances.
If you plan to use your database's administrative client to manage users, you must have configured the default user on the instance. For more information, see Configuring the default account.
Additionally, you must have configured an administrative client connected to your instance. For more information, see Connection Options for External Applications.Configuring the default user account
When you create a new Cloud SQL instance, you must configure the default user account before you can connect to the instance.
For Cloud SQL for MySQL, the default user isroot@%.
To configure the default user:
Console
- Go to the Cloud SQL Instances page in the Google Cloud Console.
- Click the instance to open its Overview page.
- Select Users from the Navigation menu.
- Find the
rootuser with a Host value of% (any host)and select Change password from the more actions menu
. - Provide a strong password that you can remember and click Ok.
gcloud
Set the password for the default user:
gcloud sql users set-password root \
--host=% --instance=[INSTANCE_NAME] --prompt-for-password
REST v1beta4
The following request uses the users:update method to update the root user account
('root'@'%').
Before using any of the request data below, make the following replacements:
- project-id: Your project ID
- instance-id: The desired instance ID
- password: The password for the user
HTTP method and URL:
PUT https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/users?name=root&host=%25
Request JSON body:
{
"name": "root",
"password": "password"
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id",
"status": "DONE",
"user": "user@example.com",
"insertTime": "2020-02-07T22:38:41.217Z",
"startTime": "2020-02-07T22:38:41.217Z",
"endTime": "2020-02-07T22:38:44.801Z",
"operationType": "UPDATE_USER",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
Creating a user
To create a user:
Console
- Go to the Cloud SQL Instances page in the Google Cloud Console.
- Select the instance to open its Overview page.
- Select Users from the Navigation menu.
- Click ADD USER.
- In the Add a user account to instance instance_name page,
add the following information:
- A Username.
- A Password.
Optionally, a Host.
The default is '%', which means that the host list is unrestricted. You can also provide an IP address or IP address range, which means that only users connecting from those addresses will be able to access the database.
- Click Create.
Users created using Cloud SQL have the privileges associated with
the cloudsqlsuperuser role: CREATEROLE,
CREATEDB, and LOGIN. A user created by these
users can have database connection privileges, which can prevent the user
from being deleted.
Users created using Cloud SQL have all privileges except
FILE and SUPER. If you need to change the
privileges for a user, use the
GRANT or
REVOKE command in the
mysql client.
gcloud
Create the user:
gcloud sql users create [user_name] \ --host=[HOST] --instance=[INSTANCE_NAME] --password=[PASSWORD]
Users created using Cloud SQL have the privileges associated with
the cloudsqlsuperuser role: CREATEROLE,
CREATEDB, and LOGIN. A user created by these
users can have database connection privileges, which can prevent the user
from being deleted.
Users created using Cloud SQL have all privileges except
FILE and SUPER. If you need to change the
privileges for a user, use the
GRANT or
REVOKE command in the
mysql client.
User name length limits are the same for Cloud SQL as for on-premises MySQL; 32 characters for MySQL 8.0, 16 characters for earlier versions.
REST v1beta4
The request below uses the users:insert method to create a user account 'user_name'.
Before using any of the request data below, make the following replacements:
- project-id: Your project ID
- instance-id: The desired instance ID
- user-id: The ID of the user
- password: The password for the user
HTTP method and URL:
POST https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/users
Request JSON body:
{
"name": "user-id",
"password": "password"
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id",
"status": "DONE",
"user": "user@example.com",
"insertTime": "2020-02-07T22:44:16.656Z",
"startTime": "2020-02-07T22:44:16.686Z",
"endTime": "2020-02-07T22:44:20.437Z",
"operationType": "CREATE_USER",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
Users created using Cloud SQL have the privileges associated with
the cloudsqlsuperuser role: CREATEROLE,
CREATEDB, and LOGIN. A user created by these
users can have database connection privileges, which can prevent the user
from being deleted.
Users created using Cloud SQL have all privileges except
FILE and SUPER. If you need to change the
privileges for a user, use the
GRANT or
REVOKE command in the
mysql client.
User name length limits are the same for Cloud SQL as for on-premises MySQL; 32 characters for MySQL 8.0, 16 characters for earlier versions.
MySQL Client
- At the
mysqlprompt, create the user:CREATE USER '[USER_NAME]'@'%' IDENTIFIED BY '[PASSWORD]'; - You can confirm the user creation by displaying the user table:
SELECT user, host FROM mysql.user;
For a Second Generation instance, the output looks similar to this example:+----------+-----------+ | user | host | +----------+-----------+ | root | % | | newuser | % | +----------+-----------+ 1 row in set (0.01 sec)
- Give the user privileges with the
GRANTstatement. For more information, see Privileges Provided by MySQL. -
Flush the
mysql.usertable to ensure that the change persists:FLUSH TABLES mysql.user;
Changing a user password
To change a user password:
Console
- Go to the Cloud SQL Instances page in the Google Cloud Console.
- Select the instance to open its Overview page.
- Select Users from the Navigation menu.
- Click more actions for the user you want to update.
- Select Change password, specify a new password, and click OK.
gcloud
Update the password:
gcloud sql users set-password [USER_NAME] \ --host=[HOST] --instance=[INSTANCE_NAME] --prompt-for-password
REST v1beta4
The following request uses the
users:update method to update the password for the user account
'user_name'@'%'. If your user has a different host, you must
modify the call with the correct host.
Before using any of the request data below, make the following replacements:
- project-id: Your project ID
- instance-id: The desired instance ID
- user-id: The ID of the user
- password: The password for the user
HTTP method and URL:
PUT https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/users?name=user-id
Request JSON body:
{
"name": "user-id",
"password": "password"
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id",
"status": "DONE",
"user": "user@example.com",
"insertTime": "2020-02-07T22:38:41.217Z",
"startTime": "2020-02-07T22:38:41.217Z",
"endTime": "2020-02-07T22:38:44.801Z",
"operationType": "UPDATE_USER",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
MySQL Client
- At the
mysqlprompt, change the password:SET PASSWORD FOR [USER] = PASSWORD('auth_string'); - Flush the
mysql.usertable to ensure that the change persists:FLUSH TABLES mysql.user;
Updating users
To update user properties such as host or privileges, you must use themysql
client. For more information, see
MySQL User Account Management in the MySQL
documentation.
Listing users
To list users:
Console
- Go to the Cloud SQL Instances page in the Google Cloud Console.
- Select the instance to open its Overview page.
- Select Users from the Navigation menu.
gcloud
List the users for this instance:
gcloud sql users list --instance=[INSTANCE_NAME]
For a complete list of parameters for this command, see the gcloud sql users list reference page.
REST v1beta4
The request below uses users:list method to list the users defined for an instance.
Before using any of the request data below, make the following replacements:
- project-id: Your project ID
- instance-id: The desired instance ID
HTTP method and URL:
GET https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/users
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#usersList",
"items": [
{
"kind": "sql#user",
"etag": "--redacted--",
"name": "sqlserver",
"host": "",
"instance": "instance-id",
"project": "project-id",
"sqlserverUserDetails": {
"serverRoles": [
"CustomerDbRootRole"
]
}
},
{
"kind": "sql#user",
"etag": "--redacted--",
"name": "user-id-1",
"host": "",
"instance": "instance-id",
"project": "project-id",
"sqlserverUserDetails": {
"serverRoles": [
"CustomerDbRootRole"
]
}
},
{
"kind": "sql#user",
"etag": "--redacted--",
"name": "user-id-2",
"host": "",
"instance": "instance-id",
"project": "project-id",
"sqlserverUserDetails": {
"serverRoles": [
"CustomerDbRootRole"
]
}
},
{
...
},
{
...
}
]
}
MySQL Client
At the mysql prompt, list the MySQL users:
SELECT user, host FROM mysql.user;
For a Second Generation instance with only the root user account configured, the output looks similar to this example:
+------+-----------+ | user | host | +------+-----------+ | root | % | +------+-----------+ 1 row in set (0.01 sec)
This example shows the users for an instance where the user'root'@'%' was added. The password field shows the hash of the password.
Deleting users
To delete a user:
Before deleting a user, you must drop all the objects it owns or reassign their ownership, and revoke any privileges the role has been granted on other objects.
Console
- Go to the Cloud SQL Instances page in the Google Cloud Console.
- Select the instance to open its Overview page.
- Select Users from the Navigation menu.
- Click more actions for the user you want
to delete.
- Select Delete and click OK.
gcloud
Delete the user:
gcloud sql users delete [USER_NAME] --host=[HOST] --instance=[INSTANCE_NAME]
REST v1beta4
The request below uses the users:delete method to delete the specified user account.
Before using any of the request data below, make the following replacements:
- project-id: Your project ID
- instance-id: The desired instance ID
- user-id: The ID of the user
HTTP method and URL:
DELETE https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/users?host=&name=user-id
Request JSON body:
{
"name": "user-id",
"host": ""
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id",
"status": "DONE",
"user": "user@example.com",
"insertTime": "2020-02-07T22:38:41.217Z",
"startTime": "2020-02-07T22:38:41.217Z",
"endTime": "2020-02-07T22:38:44.801Z",
"operationType": "DELETE_USER",
"name": "operation-id",
"targetId": "instance-id",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id/operations/operation-id",
"targetProject": "project-id"
}
MySQL Client
- At the
mysqlprompt, delete the user:DROP USER '[USER_NAME]'@'[HOST_NAME]';
For more information about the
DROP USERstatement, see the MySQL documentation. - Flush the
mysql.usertable to ensure that the change persists:FLUSH TABLES mysql.user;
What's next
- Learn more about how Cloud SQL works with users.
- Read the MySQL documentation about user creation.
- Learn about connecting to instances.