cancel
Showing results for 
Search instead for 
Did you mean: 

What are the minium user rights for creating a backup?

MCMartin
Participant
0 Kudos
1,319

What are the minimun rights a user account needs to be able to call dbbackup.exe with this user?

Background is: can we have a user which can't read any data in the database but is still able to do a backup?

Accepted Solutions (1)

Accepted Solutions (1)

Breck_Carter
Participant

FWIW Foxhound uses a mixture of old-school and politically-correct privileges to set up three end-user administration user ids ( they should all be upgraded but something more interesting always gets in the way 🙂

GRANT CONNECT TO STOPPER IDENTIFIED BY "SQL";  -- no other permissions, only used to connect via dbstop.exe

GRANT CONNECT TO BACKER IDENTIFIED BY "SQL";
GRANT BACKUP TO BACKER;
GRANT MANAGE ANY DBSPACE TO BACKER;  -- to allow dbbackup -x delete and restart transaction log

GRANT CONNECT TO VALIDATOR IDENTIFIED BY "SQL";
GRANT VALIDATE TO VALIDATOR;
VolkerBarth
Contributor
0 Kudos

The passwords seem rather old-school, as well, rather than following the "politally-correct" v17 minimum length:)

Breck_Carter
Participant

You're right, that's just inviting a dbvalid vector DOS attack! 🙂

Answers (1)

Answers (1)

VolkerBarth
Contributor

With v16 and above, there's a separate BACKUP DATABASE system privilege, so assigning the privilege should do, methinks, such as

GRANT BACKUP DATABASE TO ABackupOperator;