Adding non-superuser privilege requirement for pgbackrest in the "Quick Start" page
CC-Hsu opened this issue · 1 comments
CC-Hsu commented
Summary
Adding required DB user privileges for pgbackrest backup user.
Where would you like to see this added?
Rationale
Hi, Team,
Usually most users are tend to minimize user privileges for management accounts, including backup accounts.
For example, In the Barman doc page there is a list for required privileges.
It would be great to simply add required privileges for pgbackrest in the quickstart page rather than in other page.
I guess the following setups are sufficient but not quite sure.
create user pgbackrest login replication password 'backup-password';
grant pg_read_all_settings to pgbackrest ;
grant EXECUTE on FUNCTION pg_create_restore_point to pgbackrest ;
grant EXECUTE on FUNCTION pg_switch_wal to pgbackrest ;
grant EXECUTE on FUNCTION pg_walfile_name, pg_start_backup, pg_stop_backup(bool,bool) to pgbackrest ;
Best Regards.
CC-Hsu commented
Hi, Team,
I additionally find pg_checkpoint
should be granted to the user (available since EPAS/PGSQL 15+) if start-fast is enabled in pgbackrest.conf
.
It seems that there should be a complete list for non-supueruser privilege requirement.