π Google Cloud SQL Server Instance user options Database Flag is configured π’
- Contextual name: π SQL Server Instance user options Database Flag is configured π’
- ID:
/ce/ca/google/sql/sqlserver-instance-user-options-flag - Located in: π Google Cloud SQL
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITY
Similar Policiesβ
- Cloud Conformity
Logicβ
- π§ prod.logic.yaml π’
Descriptionβ
Descriptionβ
It is recommended that,
user optionsdatabase flag for Cloud SQL SQL Server instance should not be configured.Rationaleβ
The
user optionsoption specifies global defaults for all users. A list of default query processing options is established for the duration of a user's work session. The user options option allows you to change the default values of the SET options (if the server's default settings are not appropriate).A user can override these defaults by using the SET statement. You can configure user options dynamically for new logins. After you change the setting of user options, new login sessions use the new setting; current login sessions are not affected. This recommendation is applicable to SQL Server database instances.
Impactβ
Setting custom flags via command line on certain instances will cause all omitted flags to be reset to defaults. This may cause you to lose custom flags and could result in unforeseen complications or instance restarts. Because of this, it is recommended you apply these flags changes during a period of low usage.
... see more
Remediationβ
Remediationβ
From Google Cloud Consoleβ
- Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
- Select the SQL Server instance for which you want to enable to database flag.
- Click
Edit.- Scroll down to the
Flagssection.- Click the X next
user optionsflag shown- Click
Saveto save your changes.- Confirm your changes under
Flagson the Overview page.From Google Cloud CLIβ
List all Cloud SQL database Instances
gcloud sql instances listClear the
user optionsdatabase flag for every Cloud SQL SQL Server database instance using either of the below commands.Clearing all flags to their default value
gcloud sql instances patch <INSTANCE_NAME> --clear-database-flagsOR
To clear only
user optionsdatabase flag, configure the database flag by overriding theuser options. Excludeuser optionsflag and its value, and keep all other flags you want to configure.gcloud sql instances patch <INSTANCE_NAME> --database-flags [FLAG1=VALUE1,FLAG2=VALUE2]... see more
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CIS GCP v3.0.0 β πΌ 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured - Level 1 (Automated) | 1 | |||
| πΌ Cloudaware Framework β πΌ Secure Access | 43 |