I have two Cloud SQL DB instances on Google Cloud, test and prod. Currently I have two service accounts with the Cloud SQL Client role. The problem is that both of these accounts have access to both instances. I would prefer to lock the accounts down to separate instances, e.g. the test service account should only be able to access the test Cloud SQL instance.
Is this possible? I tried creating a custom role but can't even find the Cloud SQL permissions to add there.