
Can I create a read-only user in Google Cloud SQL

Google Cloud SQL only allows you to control the database root user password. I need to create a new user and limit his access to read-only, while maintaining the full privileged user.

Is there a way of doing that?

Thanks in advance,

You can achieve that using the regular MySQL permissions. Here is how you can add a user that has SELECT access to a database test.

mysql> GRANT ALL ON test.* TO user@'%';
Query OK, 0 rows affected (0.07 sec)

mysql> SHOW GRANTS FOR user@'%'\G
*************************** 1. row ***************************
Grants for user@%: GRANT USAGE ON *.* TO 'user'@'%'
*************************** 2. row ***************************
Grants for user@%: GRANT ALL PRIVILEGES ON `test`.* TO 'user'@'%'
2 rows in set (0.07 sec)

mysql> 

If you want to grant SELECT access to all the databases you can use GRANT ALL ON `%`.*.

Reference: Cloud SQL: How can I use GRANT ALL?

ALL should not be used

GRANT SELECT ON test.* TO user@'%';

Steps within GCP:

First create user database using Built-in authentication option at https://console.cloud.google.com/sql/instances/YOUR_INSTANCE_NAME/users

Revoke cloudsqlsuperuser privilege:

REVOKE `cloudsqlsuperuser`@`%` FROM `user`@`%`;

Grant SELECT privilege:

GRANT SELECT ON *.* TO `user`@`%`;

Verify:

SHOW GRANTS FOR 'user';
-- You should see:
-- GRANT SELECT ON *.* TO `user`@`%`

In my case, there are three read-write databases, db_dev, db_qa and db_prod, and two read-only databases, readonly_db1 and readonly_db2.

I configure the DB account username@'<IP or %>' as below:

  1. Grant privileges:
GRANT ALL ON db_dev.* TO username@'<IP or %>';
GRANT ALL ON db_qa.* TO username@'<IP or %>';
GRANT ALL ON db_prod.* TO username@'<IP or %>';
GRANT SELECT ON readonly_db1.* TO username@'<IP or %>';
GRANT SELECT ON readonly_db2.* TO username@'<IP or %>';
SHOW GRANTS FOR username@'<IP or %>';
  2. Revoke the superuser privilege:
REVOKE `cloudsqlsuperuser`@`%` FROM username@'<IP or %>';
SHOW GRANTS FOR username@'<IP or %>';

The GRANT operation must execute before REVOKE.
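The answers above all end with "Verify" via SHOW GRANTS, but reading that output by eye is where mistakes slip through (a leftover cloudsqlsuperuser role, an ALL PRIVILEGES row, a WITH GRANT OPTION). The following script is an added example, not code from any answer on this page or from Google: it parses SHOW GRANTS rows and reports anything a read-only account should not hold. It assumes the MySQL 8 output formats shown in the answers (privilege rows of the form GRANT ... ON ... TO ..., and the role row GRANT `cloudsqlsuperuser`@`%` TO `user`@`%`); the sample rows, account names and the READ_ONLY_OK set are constructed for the example.

```python
import re

# Privileges a read-only account may hold (assumption for this example: SELECT, the
# implicit USAGE row every account shows, and SHOW VIEW so view definitions are readable).
READ_ONLY_OK = {"USAGE", "SELECT", "SHOW VIEW"}

# Privilege row: GRANT <privs> ON <object> TO <account> [WITH GRANT OPTION]
PRIV_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+(?P<acct>.+?)"
    r"(?P<opt>\s+WITH\s+GRANT\s+OPTION)?$",
    re.IGNORECASE,
)
# Role row as MySQL 8 prints it (the form Cloud SQL uses for cloudsqlsuperuser): no ON clause.
ROLE_RE = re.compile(r"^GRANT\s+(?P<roles>.+?)\s+TO\s+(?P<acct>.+)$", re.IGNORECASE)


def audit_grants(show_grants_rows):
    """Return a list of findings for the rows of one account's SHOW GRANTS output.

    An empty list means the account holds nothing outside READ_ONLY_OK and no roles.
    """
    findings = []
    for raw in show_grants_rows:
        line = raw.strip().rstrip(";")
        # SHOW GRANTS ...\G prefixes each row with "Grants for user@host: "; drop it.
        line = re.sub(r"^Grants for [^:]+:\s*", "", line)
        if not line:
            continue
        m = PRIV_RE.match(line)
        if m:
            # Drop column lists such as "SELECT (id, name)" before splitting on commas.
            privs_text = re.sub(r"\([^)]*\)", "", m.group("privs"))
            privs = {p.strip().upper() for p in privs_text.split(",")}
            extra = sorted(privs - READ_ONLY_OK)
            if extra:
                findings.append(f"{m.group('obj')}: non-read-only privilege(s) {', '.join(extra)}")
            if m.group("opt"):
                findings.append(f"{m.group('obj')}: WITH GRANT OPTION lets the account grant privileges onward")
            continue
        m = ROLE_RE.match(line)
        if m:
            findings.append(f"role {m.group('roles')} is granted; cloudsqlsuperuser carries write privileges")
            continue
        findings.append(f"unrecognised SHOW GRANTS row: {line}")
    return findings


# Constructed sample rows (not captured from a real instance).
# A console-created user before the REVOKE/GRANT steps in the answers above:
DEFAULT_CONSOLE_USER = [
    "GRANT USAGE ON *.* TO `app`@`%`",
    "GRANT `cloudsqlsuperuser`@`%` TO `app`@`%`",
    "Grants for app@%: GRANT ALL PRIVILEGES ON `test`.* TO `app`@`%`",
]
# The same user after the role was revoked and only SELECT granted:
READ_ONLY_USER = [
    "GRANT USAGE ON *.* TO `reader`@`%`",
    "GRANT SELECT ON *.* TO `reader`@`%`;",
]

if __name__ == "__main__":
    for name, rows in (("app", DEFAULT_CONSOLE_USER), ("reader", READ_ONLY_USER)):
        problems = audit_grants(rows)
        print(name, "read-only: OK" if not problems else problems)
```

Feed it the rows of SHOW GRANTS FOR 'user' (one string per row) for each account that is meant to be read-only; an empty result is the state the answers describe, and each finding names the object or role that still needs a REVOKE.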
