Adding non-superuser privilege requirement for pgbackrest in the "Quick Start" page

Question

Adding non-superuser privilege requirement for pgbackrest in the "Quick Start" page

CC-Hsu opened this issue 5 months ago · 1 comments

CC-Hsu commented 5 months ago

Summary

Adding required DB user privileges for pgbackrest backup user.

Where would you like to see this added?

https://github.com/EnterpriseDB/docs/blob/main/advocacy_docs/supported-open-source/pgbackrest/03-quick_start.mdx

Rationale

Hi, Team,

Usually most users are tend to minimize user privileges for management accounts, including backup accounts.

For example, In the Barman doc page there is a list for required privileges.

It would be great to simply add required privileges for pgbackrest in the quickstart page rather than in other page.

I guess the following setups are sufficient but not quite sure.

create user pgbackrest login replication password 'backup-password';
grant pg_read_all_settings to pgbackrest ;
grant EXECUTE on FUNCTION pg_create_restore_point to pgbackrest ;
grant EXECUTE on FUNCTION pg_switch_wal to pgbackrest ;
grant EXECUTE on FUNCTION pg_walfile_name, pg_start_backup, pg_stop_backup(bool,bool) to pgbackrest ;

Best Regards.

Answer 1 · 2024-05-08T04:07:40.000Z

Hi, Team,

I additionally find pg_checkpoint should be granted to the user (available since EPAS/PGSQL 15+) if start-fast is enabled in pgbackrest.conf.

It seems that there should be a complete list for non-supueruser privilege requirement.