The topic describes the permissions that are required to back up or restore databases.

Account permissions

  • MySQL databases
    Feature Required permission
    Backup
    • Physical backup: LOCK_TABLES, REPLICATION_CLIENT, PROCESS, SUPER, CREATE, and RELOAD
      For MySQL 8.0:
      • The database account must also have the BACKUP_ADMIN permission and the SELECT permission on the performance_schema.log_status table.
      • Only the mysql_native_password authentication mode is supported. The caching_sha2_password authentication mode is not supported.
    • Logical backup: SELECT, SHOW VIEW, REPLICATION SLAVE, and REPLICATION CLIENT permissions on the destination and information_schema databases
    Restoration SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, and TRIGGER
    Note
    • During incremental backups, Database Backup (DBS) must execute the show binary logs statement. For MySQL 5.5.24 and earlier versions, the SUPER permission is required. For MySQL 5.5.25 and later versions, only the REPLICATION CLIENT permission is required.
    • For ApsaraDB RDS databases, read-only permissions are required to perform backups, whereas read and write permissions are required to perform backup and restoration.
  • SQL Server databases
    Feature Required permission
    Backup SELECT and VIEW DEFINITION
    Restoration SELECT, INSERT, ALTER Database, REFERENCES, and VIEW DEFINITION
  • Oracle databases
    Feature Required permission
    Backup DBA
    Restoration DBA
  • PostgreSQL databases
    Feature Required permission
    Backup SELECT or SUPER role
    Restoration CREATE, INSERT, USAGE, REFERENCES, and TRIGGER
  • MongoDB databases
    Feature Required permission
    Backup Read permissions on the admin database, local database, config database, and databases to be backed up
    Restoration Read and write permissions on the databases to be restored