This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to create and manage superusers in Google Cloud SQL with SQL Server

Posted 4 weeks ago
henryleme
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm a database engineer that works most with SQL Server and with experience with SQL Server and all SQL alternatives in Microsoft Azure and AWS.

Recently I had to work with a managed SQL Server Instance on Google Cloud SQL for the first time;

Of course I had to learn all the little differences that SQL Server has on GCP...
In all google manuals and forums I was able to learn and find the answer for the obstacles that I had working for the first time with GC SQL, but there is one thing that out there on the internet, there is not a real manual of google covering everything about the subject;
It is superusers! I found something about not having a sysadmin role in GC engineering, but I didn't found any solutions if I have to use a user that has to use sysadmin privileges...

I'm on a situation that I need to have full access to all system databases, but I can't grant a db_owner permissions to this type of database with the "sqlserver" default user that for what I searched is the user with most privileges, and I can't give sysadmin privileges as well!
In this type of situation, what are the answer to this problems? How can I have full (sysadmin or db_owner) privileges in system dbs like master, msdb and tempdb?

2 2 113
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @henryleme,

Welcome to Google Cloud Community!

In Google Cloud SQL for SQL Server, you can't create superusers with full access like traditional SQL Server. The equivalent of "sysadmin" role doesn't exist.

What you can do is as follows::

  1. Use built-in roles like cloudsqlsecurityadmin or cloudsqlsystemadmin for elevated permissions (check documentation for available roles).
  2. Explore alternative tools or approaches to achieve what you need without needing sysadmin privileges.
  3. Contact Google Cloud Support for specific situations.

Reference:

Posted on --/--/---- --:-- AM
henryleme
Bronze 1
Bronze 1
In response to christianpaula
Reply posted on --/--/---- --:-- AM

Okay, so there is this 2 roles cloudsqlsecurityadmin and cloudsqlsystemadmin...

But how do I use it? How can I grant a SQL Server User this "built-in role"?

In the regular engineering of SSMS this option doesn't exist and in the Cloud SQL Portal the only option that I have in the Users section is to change the password or remove te user!

In the IAM my user has all permissions that a full administrator should have, but how this affects the user itself like I asked, still don't know...

henryleme_0-1712930027572.png

How can I have a user in Google Cloud SQL Server instance that has similar permissions to sysadmin and can do a simple task like give a db_owner permission in a Master database?

Still confused how can I as a Database Engineer have full access to the engineering of SQL Server! I know there is some differences on the GC SQL for security issues, but I still need to have access to everything, so I can properly work with the database...