Re: Minimum privilege for Backup and replication

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Timmy Siu <timmy(dot)siu(at)aol(dot)com>
Cc: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Minimum privilege for Backup and replication
Date: 2019-10-10 15:16:28
Message-ID: 20191010151628.GE6962@tamriel.snowman.net
Lists: pgsql-general

Greetings,

* Timmy Siu (timmy(dot)siu(at)aol(dot)com) wrote:
> Now, my question is -
> What is the Minimum Privilege of a pgsql Backup or Replication user?

To perform a file-level backup of PostgreSQL, your OS user will need
read access to all of the files in the data directory (you can use group
privileges for that as of v11, as I recall), and then it'll need to be
able to connect to PG as a user and be able to execute the
pg_start_backup() and pg_stop_backup() functions (you can grant that
access by issuing GRANT commands). Depending on your file-level backup
solution (please do NOT roll your own...), you might also need to grant
access to functions like pg_switch_wal() too. Check the documentation
for the backup solution.

We do not (yet, anyway.. maybe in v13) have a way to GRANT read access
to all tables in a database to be able to perform a database-wide export
of the data (using pg_dump).

For replication, you need to create a user with the 'replication' role
attribute and configure pg_hba.conf to allow the client to connect to
the replication database.

Thanks,

Stephen
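
The grants and role attributes described in the message above, written out as an added example that is not part of the original email. The role names `backup_user` and `repl_user`, the client address and the passwords are placeholders, and the function signatures are those of PostgreSQL 10 through 14.

```sql
-- Added example. Run as a superuser in the database the backup tool connects
-- to: function privileges are stored per database.
-- In PostgreSQL 15+ these functions are named pg_backup_start/pg_backup_stop.

-- 1. Backup role: may log in and call the backup-control functions only.
CREATE ROLE backup_user LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
    PASSWORD 'CHANGE_ME';                      -- placeholder

GRANT EXECUTE ON FUNCTION pg_start_backup(text, boolean, boolean) TO backup_user;
GRANT EXECUTE ON FUNCTION pg_stop_backup()                        TO backup_user;
GRANT EXECUTE ON FUNCTION pg_stop_backup(boolean, boolean)        TO backup_user;
-- Only if the backup tool's documentation asks for it:
GRANT EXECUTE ON FUNCTION pg_switch_wal()                         TO backup_user;

-- The OS account that reads the data directory is separate from this role.
-- From v11 a cluster created with "initdb --allow-group-access" lets a
-- member of the postgres group read the files without being the owner.

-- 2. Replication role: the REPLICATION attribute, no other privileges.
CREATE ROLE repl_user LOGIN REPLICATION
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'CHANGE_ME';                      -- placeholder

-- Matching pg_hba.conf line (constructed address; "replication" here is the
-- pseudo-database keyword, not a real database):
--   hostssl  replication  repl_user  192.0.2.10/32  scram-sha-256

-- 3. Verify that neither role ended up with more than intended.
SELECT rolname, rolsuper, rolreplication, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('backup_user', 'repl_user');

SELECT p.oid::regprocedure AS func,
       has_function_privilege('backup_user', p.oid, 'EXECUTE') AS backup_can_exec,
       has_function_privilege('repl_user',   p.oid, 'EXECUTE') AS repl_can_exec
FROM pg_proc p
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.proname IN ('pg_start_backup', 'pg_stop_backup', 'pg_switch_wal')
ORDER BY 1;
```

In the last query, `backup_can_exec` should be true only for the functions granted above and `repl_can_exec` false for all of them.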
