You are the Database Engineer responsible for setting up IAM policies to ensure secure connectivity and access control for your organization's Google Cloud SQL databases. Which of the following IAM roles should be granted to a user who needs to manage the database instances but should not have access to the actual data stored in the databases?