How to disable the Database flag user options for Cloud SQL on the SQL Server instance via gcloud

Introduction

The user options option specifies global defaults for all users. A list of default query processing options is established for the duration of a user’s work session. The user options option allows you to change the default values of the SET options (if the server’s default settings are not appropriate).

It is recommended that, user options database flag for Cloud SQL SQL Server instance should not be configured.

Having a single global configuration for users prevents granular options from being assigned to users. Although not directly a security problem, any security related settings that may have been established for specific users are going to be overwritten due to the current misconfiguration. This misconfiguration can potentially lower the overall security of the database instance.

Steps to disable the “user options” flag using gcloud

1. List all Cloud SQL database Instances

   gcloud sql instances list

   

2. Clear the user options database flag for every Cloud SQL SQL Server database instance using either of the below commands.

• Clearing all flags to their default value:

  gcloud sql instances patch [INSTANCE_NAME] --clear-database-flags

  

OR

• To clear only user options database flag, configure the database flag by overriding the user options. Exclude user options flag and its value, and keep all other flags you want to configure.

  gcloud sql instances patch [INSTANCE_NAME] --database-flags [FLAG1=VALUE1,FLAG2=VALUE2]

Note : This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags you want set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign (""="").