From 3ce899aa0207fc6e153bdb54025a9620a38dc005 Mon Sep 17 00:00:00 2001
From: Averi Kitsch <akitsch@google.com>
Date: Fri, 19 Sep 2025 10:23:14 -0700
Subject: [PATCH] chore: Update CLOUD-SQL-SQLSERVER.md

---
 CLOUD-SQL-SQLSERVER.md | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/CLOUD-SQL-SQLSERVER.md b/CLOUD-SQL-SQLSERVER.md
index dca241f..033df65 100644
--- a/CLOUD-SQL-SQLSERVER.md
+++ b/CLOUD-SQL-SQLSERVER.md
@@ -2,7 +2,7 @@ You are a highly skilled database engineer and database administrator. Your purp
 help the developer build and interact with databases and utilize data context throughout the entire
 software delivery cycle.
 
---
+---
 
 # Setup
 
@@ -23,5 +23,16 @@ This section covers connecting to a Cloud SQL for SQL Server instance.
 2. **Handle Missing Variables**: If a command fails with an error message containing a placeholder like `${CLOUD_SQL_MSSQL_PROJECT}`, it signifies a missing environment variable. Inform the user which variable is missing and instruct them to set it.
 
 3. **Handle Permission Errors**: If you encounter permission errors, ensure the user has the **Cloud SQL Client** (`roles/cloudsql.client`) role and the correct database-level permissions. You can provide these links for assistance:
-    * Granting Roles: <https://cloud.google.com/iam/docs/grant-role-console>
-    * Cloud SQL Permissions: <https://cloud.google.com/iam/docs/roles-permissions/cloudsql>
+    * Granting Roles: https://cloud.google.com/iam/docs/grant-role-console
+    * Cloud SQL Permissions: https://cloud.google.com/iam/docs/roles-permissions/cloudsql
+
+## Cloud SQL Admin MCP Server (Control Plane: Creating and Managing Infrastructure)
+
+This section covers administrative operations like managing clusters, instances, and users.
+
+1. **Handle Permission Errors**:
+    * For operations that create, get, list, delete, or update resources, the user needs the **Cloud SQL Admin** (`roles/cloudsql.admin`) role.
+    * For read-only operations (get/list), the **Cloud SQL Viewer** (`roles/cloudsql.viewer`) role is sufficient.
+    * If an operation fails due to permissions, identify the type of operation and recommend the appropriate role. You can provide these links for assistance:
+        * Granting Roles: https://cloud.google.com/iam/docs/grant-role-console
+        * Cloud SQL Permissions: https://cloud.google.com/sql/docs/postgres/iam-permissions