Skip to content

Commit

Permalink
PXB-2490 xtrabackup privileges update (8.0)
Browse files Browse the repository at this point in the history
 Changes to be committed:
	modified:   source/using_xtrabackup/privileges.rst
  • Loading branch information
patrickbirch committed Jun 3, 2021
1 parent d27028b commit 973de0f
Showing 1 changed file with 10 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,7 @@ Once connected to the server, in order to perform a backup you will need
``READ`` and ``EXECUTE`` permissions at a filesystem level in the
server's :term:`datadir`.

The database user needs the following privileges on the tables/databases to be
backed up:
The database user needs the following privileges on the tables or databases to be backed up:

* ``RELOAD`` and ``LOCK TABLES`` (unless the :option:`--no-lock <--no-lock>`
option is specified) in order to run :mysql:`FLUSH TABLES WITH READ LOCK` and
Expand Down Expand Up @@ -119,6 +118,8 @@ backed up:
to look up the ``innodb_to_lsn`` values in the
:ref:`PERCONA_SCHEMA.xtrabackup_history <xtrabackup_history>` table.

* ``SELECT`` privilege on the `keyring_component_status table <https://dev.mysql.com/doc/refman/8.0/en/performance-schema-keyring-component-status-table.html>`__ to view the attributes and status of the installed keyring component when in use.

The explanation of when these are used can be found in
:ref:`how_xtrabackup_works`.

Expand All @@ -130,4 +131,11 @@ to full backups would be:
mysql> CREATE USER 'bkpuser'@'localhost' IDENTIFIED BY 's3cr%T';
mysql> GRANT BACKUP_ADMIN, PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'bkpuser'@'localhost';
mysql> GRANT SELECT ON performance_schema.log_status TO 'bkpuser'@'localhost';
mysql> GRANT SELECT ON performance_schema.keyring_component_status TO bkpuser@'localhost'
mysql> FLUSH PRIVILEGES;

0 comments on commit 973de0f

Please sign in to comment.