After creating an instance, you must create user accounts if want to connect to the instance from applications other than Google App Engine. App Engine applications connect to an instance using the account 'root'@'localhost'. Other applications such as MySQL Client connect to an instance using accounts 'user_name'@'host_name' where user_name and host_name are what you specify when you create a user account.
When you add user accounts, you can control how restrictive per-host permissions are with the host_name. For example, if you specify host_name as a wildcard '%', it means any host can use the user account to connect to the instance. For more information, see Adding User Accounts and Specifying Account Names in the MySQL documentation.
A new instance has four default user accounts: 'root'@'127.0.0.1', 'root'@'::1', ''@'localhost', and 'root'@'localhost'.
If a connection to an instance does not explicitly specify a user, Google Cloud SQL connects using the root user, which has admin MySQL privileges on the instance. If the connection does not match at least one host_name of an existing root user account, the connection will not succeed. We recommend that you create and use accounts other than root for your connections.
In replication scenarios, root user accounts you create for a master instance are propagated to each replica. For more information, see Enabling Cloud SQL read replicas.
To create a user:
Developers Console
- Go to the Google Developers Console and select a project by clicking on the project name.
- In the sidebar on the left, click Storage > Cloud SQL to show a list of Cloud SQL instances for the project.
- Select the instance on which to create a user.
- Select Access Control > Users.
- Click New User.
- In the New MySQL user dialog, specify
- A Username.
- A Password.
- Optionally, a Client Host. The default is '%'.
The Username and Client Host are combined to form the full account name 'user_name'@'host_name'.
- Click Add.
cURL
You can use the Cloud SQL Admin API directly to create a user. For example, using cURL, the following request uses the insert method to create a user account 'user_name'@'%'.
curl --header 'Authorization: Bearer accessToken' \
--header 'Content-Type: application/json' \
https://www.googleapis.com/sql/v1beta4/projects/your-project-id/instances/your-instance-name/users \
--data '{"host": "%", "name": "user_name", "password": "password"}' \
-X POST
You can get an authorization access token to use in the cURL command from the OAuth 2.0 Playground.
SQL
- If this is the first time logging into the instance, you must first create an account that you can use to log in with, for example, 'root'@'%'. You can use the Developers Console or the Cloud SQL API to create an initial account.
- Allow access to the instance by configuring access control for IP connections.
- From an application or tool, connect to the instance and create a user.
For example, you can connect from MySQL client
and create a user as follows:
shell> mysql --host=INSTANCE_IP --user=USER_NAME --password mysql> CREATE USER 'testuser'@'%' IDENTIFIED BY 'some-password'; Query OK, 0 rows affected (0.06 sec) mysql> SELECT User, Host, Password FROM mysql.user; +----------+-----------+-------------------------------------------+ | User | Host | Password | +----------+-----------+-------------------------------------------+ | root | localhost | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | root | % | *BFB60DA8A615B20CB80BD885B904CB5086C6750C | | testuser | % | *60F988771147943DEDD313EF0E4E080FCA55DFE3 | +----------+-----------+-------------------------------------------+ 6 rows in set (0.06 sec)
Google Cloud SQL does not support
SUPERprivileges which means thatGRANT ALL PRIVILEGESstatements will not work. As an alternative, you can useGRANT ALL ON `%`.*.For information about creating MySQL users, see Adding User Accounts in the MySQL documentation.
To change a user password:
Developers Console
To set the MySQL root account password:
- Go to the Google Developers Console and select a project by clicking on the project name.
- In the sidebar on the left, click Storage > Cloud SQL to show a list of Cloud SQL instances for the project.
- Select the instance that contains the user to edit.
- Select Access Control > Users.
- Click more actions
on the row for the user you want
to change.
- Select Change Password, specify a new password, and click OK.
- Or, select Delete and confirm the deletion by clicking OK.
cURL
You can use the Cloud SQL Admin API directly to edit a user. For example, using cURL, the following request uses the update method to update the user account 'user_name'@'%'.
curl --header 'Authorization: Bearer accessToken' \
--header 'Content-Type: application/json' \
https://www.googleapis.com/sql/v1beta4/projects/your-project-id/instances/your-instance-name/users?name=user_name&host=%25 \
--data '{"password": "password"}' \
-X PUT
You can get an authorization access token to use in the cURL command from the OAuth 2.0 Playground.
SQL
- If this is the first time logging into the instance, you must first create an account that you can use to log in with, for example, 'root'@'%'. You can use the Developers Console or the Cloud SQL API to create an initial account.
- Allow access to the instance by configuring access control for IP connections.
- From an application or tool, connect to the instance and edit a user.
For example, you can connect from MySQL client
and delete a user as follows:
shell> mysql --host=INSTANCE_IP --user=USER_NAME --password mysql> SELECT User, Host, Password FROM mysql.user; +----------+-----------+-------------------------------------------+ | User | Host | Password | +----------+-----------+-------------------------------------------+ | root | localhost | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | root | % | *BFB60DA8A615B20CB80BD885B904CB5086C6750C | | testuser | % | *60F988771147943DEDD313EF0E4E080FCA55DFE3 | +----------+-----------+-------------------------------------------+ 6 rows in set (0.06 sec) mysql> DROP USER 'testuser'@'%'; Query OK, 0 rows affected (0.10 sec)
- To edit an existing user, drop the user and create a new user.
To list users:
Developers Console
- Go to the Google Developers Console and select a project by clicking on the project name.
- In the sidebar on the left, click Storage > Cloud SQL to show a list of Cloud SQL instances for the project.
- Select the instance for which you want to list users.
- Select Access Control > Users.
- Select New User and specify the Username and Password.
- Click Add.
cURL
You can use the Cloud SQL Admin API directly to list users. For example, using cURL, the following request uses list method to list the users defined for an instance.
curl --header 'Authorization: Bearer accessToken' \
https://www.googleapis.com/sql/v1beta4/projects/your-project-id/instances/your-instance-name/users \
-X GET
You can get an authorization access token to use in the cURL command from the OAuth 2.0 Playground.
SQL
- If this is the first time logging into the instance, you must first create an account that you can use to log in with, for example, 'root'@'%'. You can use the Developers Console or the Cloud SQL API to create an initial account.
- Allow access to the instance by configuring access control for IP connections.
- From an application or tool, connect to the instance and list users.
For example, you can connect from MySQL client
and list users as follows:
shell> mysql --host=INSTANCE_IP --user=USER_NAME --password mysql> SELECT User, Host, Password FROM mysql.user; +------+-----------+-------------------------------------------+ | User | Host | Password | +------+-----------+-------------------------------------------+ | root | localhost | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | root | % | *BFB60DA8A615B20CB80BD885B904CB5086C6750C | +------+-----------+-------------------------------------------+ 5 rows in set (0.06 sec)
The output of the SELECT command above shows the users for an instance where the user'root'@'%' was added. The password field shows the hash of the password.