CloudSQL MySQL 8 user access control problem

[Goran Tepšić]

I just migrated a database to CloudSQL and trying to create users but with default settings for creating users from web UI, all my users are able to access all databases which is scary.

I tried using GRANTS like:

GRANT ALL ON user_production.* TO 'database_production'@'%';

It doesn't work though, regardless of the grants above, when I login via CLI MySQL client as any user, I can freely browse all databases with the same user.

Did I miss something? How do one limit CloudSQL's MySQL user to one particular database?

[Pavel Ivanov]

You should execute

REVOKE cloudsqlsuperuser FROM 'database_production'@'%';

cloudsqlsuperuser is the role that is granted to all users created
from web UI and that grants read/write permissions on all databases.
See https://cloud.google.com/sql/docs/mysql/users#cloudsqlsuperuser.


Pavel

> --
> You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-d...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/d378c165-9bc9-4e34-ac50-1f2ebcbe62ccn%40googlegroups.com.

[Goran Tepšić]

Cool, can this affect replication with HA instances?

[Pavel Ivanov]

I don't understand how it can affect replication.