- NAME
-
- gcloud beta sql users assign-roles - updates a user's database roles in a given instance
- SYNOPSIS
-
-
gcloud beta sql users assign-roles USERNAME --instance=INSTANCE, -i INSTANCE --type=TYPE [--async] [--database-roles=[ROLE,…]] [--host=HOST] [--revoke-existing-roles] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(BETA) Updates a user's database roles in a given instance with a specified username and host.
- EXAMPLES
-
To grant database roles role1 and role2 for my-user in instance prod-instance, run:

    gcloud beta sql users assign-roles my-user --instance=prod-instance --database-roles=role1,role2 --type=BUILT_IN

To revoke existing database roles and grant new database roles role3 and role4 for my-user in instance prod-instance, run:

    gcloud beta sql users assign-roles my-user --instance=prod-instance --revoke-existing-roles --database-roles=role3,role4 --type=BUILT_IN

- POSITIONAL ARGUMENTS
-
USERNAME
Cloud SQL username.
- REQUIRED FLAGS
-
--instance=INSTANCE, -i INSTANCE
Cloud SQL instance ID.
--type=TYPE
Cloud SQL user's type. It determines the method to authenticate the user during login. See the list of user types at https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/SqlUserType
- OPTIONAL FLAGS
-
--async
Return immediately, without waiting for the operation in progress to complete.
--database-roles=[ROLE,…]
A comma-separated list of database roles to be assigned to the user. This option is only available for MySQL and PostgreSQL instances. You can include predefined Cloud SQL roles, like cloudsqlsuperuser, or your own custom roles. Custom roles must be created in the database before you can assign them. You can create roles using the CREATE ROLE statement for both MySQL and PostgreSQL.
--host=HOST
Cloud SQL user's hostname expressed as a specific IP address or address range. % denotes an unrestricted hostname. Applicable flag for MySQL instances; ignored for all other engines. Note, if you connect to your instance using IP addresses, you must add your client IP address as an authorized address, even if your hostname is unrestricted. For more information, see Configure IP.
--revoke-existing-roles
A boolean flag for revoking existing database roles from the user. This option is only available for MySQL and PostgreSQL instances.
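
The following is an added example, not part of the gcloud reference: a POSIX shell helper that validates its inputs and prints, without running it, the --revoke-existing-roles form shown under EXAMPLES, so that existing roles are revoked and only the listed ones are granted. The helper names, the identifier pattern and the ALLOW_SUPERUSER opt-in are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the gcloud reference. Helper names, the
# identifier pattern and ALLOW_SUPERUSER are assumptions of this example.

# Succeeds when $1 is a non-empty string of letters, digits, '_' or '-'
# that does not start with '-' (which gcloud would parse as a flag).
valid_ident() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print (never run) the command that revokes USER's existing roles on
# INSTANCE and grants ROLES. Returns 2 for malformed input and 3 when
# cloudsqlsuperuser is requested without ALLOW_SUPERUSER=1.
build_assign_roles_cmd() {
    user=$1 instance=$2 roles=$3

    if ! valid_ident "$user" || ! valid_ident "$instance"; then
        echo "rejected user or instance name" >&2
        return 2
    fi

    # Role list: identifiers separated by single commas, no empty items.
    case $roles in
        ''|,*|*,|*,,*|*[!A-Za-z0-9_,]*)
            echo "rejected role list: '$roles'" >&2
            return 2 ;;
    esac

    # The predefined superuser role needs an explicit opt-in.
    case ",$roles," in
        *,cloudsqlsuperuser,*)
            if [ "${ALLOW_SUPERUSER:-0}" != 1 ]; then
                echo "cloudsqlsuperuser requires ALLOW_SUPERUSER=1" >&2
                return 3
            fi ;;
    esac

    # --revoke-existing-roles drops roles granted earlier, so the account
    # does not accumulate a growing union of old and new roles.
    printf '%s %s --instance=%s --revoke-existing-roles --database-roles=%s --type=BUILT_IN\n' \
        'gcloud beta sql users assign-roles' "$user" "$instance" "$roles"
}
```

Review the printed command before executing it; custom roles named in the list must already exist in the database, as described under --database-roles.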
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
- NOTES
-
This command is currently in beta and might change without notice. These variants are also available:
gcloud sql users assign-roles
gcloud alpha sql users assign-roles
Last updated 2026-02-03 UTC.