The topic describes the permissions that are required to back up or restore databases.
Account permissions
- MySQL databases
Feature Required permission Backup - Physical backup: LOCK_TABLES, REPLICATION_CLIENT, PROCESS, SUPER, CREATE, and RELOAD
For MySQL 8.0:
- The database account must also have the BACKUP_ADMIN permission and the SELECT permission on the performance_schema.log_status table.
- Only the mysql_native_password authentication mode is supported. The caching_sha2_password authentication mode is not supported.
- Logical backup: SELECT, SHOW VIEW, REPLICATION SLAVE, and REPLICATION CLIENT permissions on the destination and information_schema databases
Restoration SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, and TRIGGER Note- During incremental backups, Database Backup (DBS) must execute the
show binary logs
statement. For MySQL 5.5.24 and earlier versions, theSUPER
permission is required. For MySQL 5.5.25 and later versions, only theREPLICATION CLIENT
permission is required. - For ApsaraDB RDS databases, read-only permissions are required to perform backups, whereas read and write permissions are required to perform backup and restoration.
- Physical backup: LOCK_TABLES, REPLICATION_CLIENT, PROCESS, SUPER, CREATE, and RELOAD
- SQL Server databases
Feature Required permission Backup SELECT and VIEW DEFINITION Restoration SELECT, INSERT, ALTER Database, REFERENCES, and VIEW DEFINITION - Oracle databases
Feature Required permission Backup DBA Restoration DBA - PostgreSQL databases
Feature Required permission Backup SELECT or SUPER role Restoration CREATE, INSERT, USAGE, REFERENCES, and TRIGGER - MongoDB databases
Feature Required permission Backup Read permissions on the admin database, local database, config database, and databases to be backed up Restoration Read and write permissions on the databases to be restored