gcloud sql users assign-roles - updates a user's database roles in a given instance

gcloud sql users assign-rolesUSERNAME--instance=INSTANCE,-iINSTANCE--type=TYPE[--async][--database-roles=[ROLE,…]][--host=HOST][--revoke-existing-roles][GCLOUD_WIDE_FLAG …]

gcloudsqlusersassign-rolesmy-user--instance=prod-instance--database-roles=role1,role2--type=BUILT_IN

To revoke existing database roles and grant new database rolesrole3 androle4 formy-user in instanceprod-instance, run:

gcloudsqlusersassign-rolesmy-user--instance=prod-instance--revoke-existing-roles--database-roles=role3,role4--type=BUILT_IN

USERNAME

Cloud SQL username.

--instance=INSTANCE,-iINSTANCE

Cloud SQL instance ID.

--type=TYPE

Cloud SQL user's type. It determines the method to authenticate the user duringlogin. See the list of user types athttps://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/SqlUserType

--async

Return immediately, without waiting for the operation in progress to complete.

--database-roles=[ROLE,…]

A comma-separated list of database roles to be assigned to the user. This optionis only available for MySQL and PostgreSQL instances. You can include predefinedCloud SQL roles, like cloudsqlsuperuser, or your own custom roles. Custom rolesmust be created in the database before you can assign them. You can create rolesusing the CREATE ROLE statement for both MySQL and PostgreSQL.

--host=HOST

Cloud SQL user's hostname expressed as a specific IP address or address range.% denotes an unrestricted hostname. Applicable flag for MySQLinstances; ignored for all other engines. Note, if you connect to your instanceusing IP addresses, you must add your client IP address as an authorizedaddress, even if your hostname is unrestricted. For more information, seeConfigure IP.

--revoke-existing-roles

A boolean flag for revoking existing database roles from the user. This optionis only available for MySQL and PostgreSQL instances.

Run$gcloud help for details.