0

I need to create a service account for managing (create, update, delete) PostgreSQl database instances in Cloud SQL. I was thinking to use "roles/cloudsql.editor" role, but it does not have permission for deleting databases. Must I use the editor primitive role for deletion? If so, can I somehow limit it to have permissions to delete Cloud SQL instances only?

As a second option, should I maybe create a custom role based on the "roles/cloudsql.editor" and extend it with some deletion permission for Cloud SQL instances?

Best Regards,

Jovan

Improve this question

1 Answer 1

Reset to default
0

You may create a custom role and apply the IAM permissions you require. Thereafter, you can grant this custom role to your service account. In your senario, I assume you need the following permissions:

cloudsql.databases.create cloudsql.databases.delete cloudsql.databases.update
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.