Hi,
-- I had the same 403 issue until I added the "Cloud SQL Viewer" role.
On Friday, February 17, 2017 at 6:33:21 PM UTC+1, David Newgas wrote:
On Friday, February 17, 2017 at 6:33:21 PM UTC+1, David Newgas wrote:
... Basically I tihnk you might need to give your service account the "Cloud SQL Viewer" role in addition to "Cloud SQL Client".
As we document that only the client role is necessary, I'm going to see if there is a docs issue or a code issue too.
This is clearly an issue with the documentation:
> Required permissions for service accounts
>
> When you use a service account to provide the credentials for the proxy, you must create it with sufficient permissions.
> If you are using the finer-grained Identity Access and Management (IAM) roles to manage your Cloud SQL permissions, you must give the service account the Cloud SQL Client role.
cf. https://cloud.google.com/sql/docs/mysql/sql-proxy#authentication-options
You received this message because you are subscribed to the Google Groups "Google Cloud SQL discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-sql-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-sql-discuss/dc8b55f5-d806-44f7-ac29-875983b9f3de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment