About access control

MySQL  |  PostgreSQL  |  SQL Server

This page discusses the two levels of access control for Cloud SQLinstances. You must configure both levels of access control before you canmanage your instance.

Levels of access control

Configuring access control involves controlling who orwhat can access the instance. Access control occurs on two levels:

Instance-level access
Instance-level access authorizes access to your Cloud SQL instance from an application or client (running on an App Engine standard environment or externally) or from another Google Cloud service, such as Compute Engine.
Database access
Database access uses PostgreSQL roles to allow PostgreSQL users to have access to the data in your instance.

Note: For information about controlling who canmanage your instance, seeProject access control.

Instance-level access

How you configure instance-level access depends on where you are connectingfrom:
Connection sourceAccess configuration optionsMore information
Compute Engine
  • Cloud SQL Auth Proxy
  • Authorize static IP address
Google Kubernetes Engine
  • Cloud SQL Auth Proxy Docker image
  • Private IP
  • If using Public IP, the Cloud SQL Auth Proxy is required
App Engine standard environment
  • Same project: configure IAM
  • Between projects: configure IAM
App Engine flexible environment
  • Same project: preconfigured
  • Between projects: configure IAM
Cloud Run
  • A Cloud SQL instance set up with a public IP.
  • Between projects: also configure IAM

Database access

After a user or application connects to a database instance, the user orapplication must log in with a user or service account.As part of creating a Cloud SQL instance, you set up the default user(root) account. You can also create more users to give you finer-grained controlover access to your instance.

For more information,seePostgreSQL users and Creating and managing PostgreSQL users.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-18 UTC.