[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding non-superuser privilege requirement for pgbackrest in the "Quick Start" page #5557

Open
CC-Hsu opened this issue Apr 29, 2024 · 1 comment
Open

Adding non-superuser privilege requirement for pgbackrest in the "Quick Start" page #5557

CC-Hsu opened this issue Apr 29, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@CC-Hsu
Copy link
CC-Hsu commented Apr 29, 2024

Summary

Adding required DB user privileges for pgbackrest backup user.

Where would you like to see this added?

https://github.com/EnterpriseDB/docs/blob/main/advocacy_docs/supported-open-source/pgbackrest/03-quick_start.mdx

Rationale

Hi, Team,

Usually most users are tend to minimize user privileges for management accounts, including backup accounts.

For example, In the Barman doc page there is a list for required privileges.

It would be great to simply add required privileges for pgbackrest in the quickstart page rather than in other page.

I guess the following setups are sufficient but not quite sure.

create user pgbackrest login replication password 'backup-password';
grant pg_read_all_settings to pgbackrest ;
grant EXECUTE on FUNCTION pg_create_restore_point to pgbackrest ;
grant EXECUTE on FUNCTION pg_switch_wal to pgbackrest ;
grant EXECUTE on FUNCTION pg_walfile_name, pg_start_backup, pg_stop_backup(bool,bool) to pgbackrest ;

Best Regards.
@CC-Hsu CC-Hsu added the enhancement New feature or request label Apr 29, 2024
@CC-Hsu
Copy link
Author
CC-Hsu commented May 8, 2024

Hi, Team,

I additionally find pg_checkpoint should be granted to the user (available since EPAS/PGSQL 15+) if start-fast is enabled in pgbackrest.conf.

It seems that there should be a complete list for non-supueruser privilege requirement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CC-Hsu