MySQL Users

This page describes how Google Cloud SQL works with MySQL users. MySQL user accounts provide security by controlling access to MySQL databases.

For complete documentation about MySQL users, see the MySQL documentation. For information about creating and managing Cloud SQL users, see Creating and Managing Users.

Why you need MySQL user accounts

MySQL user accounts enable you to log in to and administer your Cloud SQL instance. User accounts are also required for applications to access your instance.

MySQL user account format

MySQL user accounts have two components: a user name and a host name. The user name identifies the user, and the host name specifies what hosts that user can connect from. The user name and host name are combined to create a user account:

'<user_name>'@'<host_name>'

You can specify a specific IP address or address range for host name, or use the percent character ("%") to leave the host name unrestricted. Note that if you connect to your instance using IP addresses, you must add your client IP address as an Authorized Address, even if your user's host name is unrestricted.

User accounts are defined by both the user name and the host name. For example, 'root'@'%' is a different user account than 'root'@'localhost'.

Default MySQL users

When you create a new First Generation instance, it has two default user accounts: ''@'localhost' and 'root'@'localhost'. Second Generation instances have one default user account: 'root'@'%'.

The root user account

You configure the root user account for a new instance so you can access the instance. For simplicity, the root user account is configured to connect from any host:

'root'@'%'

The root user has all privileges except SUPER and FILE.

Configure your root user with a strong password. Because it exists on most MySQL installations, the root user is a common target for unauthorized access. Any person or program that gains access to your instance will have almost unlimited access to and control over your instance and data.

For help with configuring the root user account, see Configuring the root user account.

Other MySQL user accounts

You can also create other MySQL user accounts; this is a good practice because it enables you to use different MySQL user accounts for different purposes. You can also create a root account with a restricted hostname, or limit privileges for your user accounts.

For more information about user account names, see the MySQL documentation

User privileges

MySQL provides fine-grained privileges you can grant or remove for a user. This enables you to control what a user can do on your instance.

Users created by using the Google Cloud Platform Console have the same privileges as the root user. When you create a user by using the MySQL Client, you must grant that user privileges with the GRANT statement.

For more information about the privileges supported by MySQL, see Privileges Provided by MySQL.

What's next

Send feedback about...

Cloud SQL for MySQL