Following is the list of identified permissions (existing service account) required for supporting GCP Cloud SQL:
...
Additionally, the user account must have the Compute Network Admin role and secretmanager.secretAccessor Secret Manager Secret Accessor role.