Why do you have to create a service account under the entire project for cloud sql proxy to work?

[wob...@yblew.com]

Why do you have to create a service account under the entire project for cloud sql proxy to work? When I remove the service account under the entire project and assign it to only cloud sql instance, I get a " oauth2: cannot fetch token: 401 Unauthorized" 

[Tony Tseng]

Hi,

It's because we haven't supported the ability to set service account access policy on an individual database instance. For now the service account needs to have at least the WRITER role on the project.

On Thu, Mar 31, 2016 at 2:49 PM, <wob...@yblew.com> wrote:

Why do you have to create a service account under the entire project for cloud sql proxy to work? When I remove the service account under the entire project and assign it to only cloud sql instance, I get a " oauth2: cannot fetch token: 401 Unauthorized" 

--
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/29777299-a53c-47e1-8f7e-aad3c97d4db3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.