on 2021 Jan 26 5:37 AM
What are the minimun rights a user account needs to be able to call dbbackup.exe with this user?
Background is: can we have a user which can't read any data in the database but is still able to do a backup?
Request clarification before answering.
FWIW Foxhound uses a mixture of old-school and politically-correct privileges to set up three end-user administration user ids ( they should all be upgraded but something more interesting always gets in the way 🙂
GRANT CONNECT TO STOPPER IDENTIFIED BY "SQL"; -- no other permissions, only used to connect via dbstop.exe GRANT CONNECT TO BACKER IDENTIFIED BY "SQL"; GRANT BACKUP TO BACKER; GRANT MANAGE ANY DBSPACE TO BACKER; -- to allow dbbackup -x delete and restart transaction log GRANT CONNECT TO VALIDATOR IDENTIFIED BY "SQL"; GRANT VALIDATE TO VALIDATOR;
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You're right, that's just inviting a dbvalid vector DOS attack! 🙂
With v16 and above, there's a separate BACKUP DATABASE system privilege, so assigning the privilege should do, methinks, such as
GRANT BACKUP DATABASE TO ABackupOperator;
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
50 | |
9 | |
8 | |
6 | |
5 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.