| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Andrew Beverley <andy(at)andybev(dot)com>, PostgreSQL mailing lists <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Creating a user for pg_start_backup |
| Date: | 2015-07-27 17:43:13 |
| Message-ID: | 20150727174313.GG3587@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
* Michael Paquier (michael(dot)paquier(at)gmail(dot)com) wrote:
> On Tue, Jul 21, 2015 at 4:47 PM, Andrew Beverley <andy(at)andybev(dot)com> wrote:
> > Dear all,
> >
> > I'm setting up hot backups on my database server. As such, I'd like to set up a
> > Postgres user that has access to only pg_start_backup and pg_stop_backup.
> >
> > I'm unable to work out how to do this with the various GRANT options. Can someone
> > point me in the right direction please? Or is there a better way to achieve this,
> > rather than having a dedicated user?
>
> Access to pg_start_backup and pg_stop_backup can be done with either a
> replication user or a superuser. You can define user with such rights
> with CREATE ROLE with the keyword REPLICATION:
> http://www.postgresql.org/docs/devel/static/sql-createrole.html
Note that the REPLICATION role gets a great deal more access than simply
being able to run pg_start/stop_backup, such as being able to connect to
the magic replication database and be able to stream the contents of the
database.
Would be great to understand your use-case better, to see if the
proposed default roles would be a better eventual solution for you.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | AI Rumman | 2015-07-27 17:48:37 | pg_dump error |
| Previous Message | Adam Brusselback | 2015-07-27 17:26:00 | Re: Using the database to validate data |