如何创建GCP Cloud SQL IAM用户 [英] How to create GCP Cloud SQL IAM Users

问题描述

这里的第一个答案是如何为您的Google Platform Cloud SQL实例创建Cloud SQL IAM用户的指南。

Here is a guide on how to connect after you've created the user.

推荐答案

1. 在上方工具栏上单击您的实例上的<"；编辑"；。转到标志并将<"；cloudsql.iam_authentication"；>设置为
(&Q>)

2. 转到左侧导航窗格上的"；用户&q；选项卡&>单击"；添加用户帐户

3. 在主体字段中使用人员的GCP电子邮件地址。任何人都可以创建此帐户，但只有IAM编辑可以更改IAM权限。IAM权限影响GCP对象，而不是数据库对象。无需设置IAM权限即可连接到数据库。

4. 使用实例IP地址和postgres用户连接到数据库。使用此用户可以分配权限，因为IAM用户创建时对数据库对象的权限为零。

grant connect on database database_name to "username@email.com";

-- Grant usage on current objects in a schema
grant all on SCHEMA schema_name to "username@email.com";
grant all on all TABLES in SCHEMA schema_name to "username@email.com";
grant all on all FUNCTIONS IN SCHEMA schema_name to "username@email.com";
grant all on all PROCEDURES IN SCHEMA schema_name to "username@email.com";
grant all on all ROUTINES IN SCHEMA schema_name to "username@email.com";
grant all on all SEQUENCES IN SCHEMA schema_name to "username@email.com";

-- Grant usage of any newly created objects in the future
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON FUNCTIONS TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON ROUTINES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON SEQUENCES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON TABLES TO "username@email.com";
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name GRANT all ON types TO "username@email.com";

5. 通过更改会话测试用户的权限

set session authorization "username@email.com";

• 重置

reset session authorization;

6. Now you can connect to the database using the IAM details and Cloud SQL Proxy

这篇关于如何创建GCP Cloud SQL IAM用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！