Permissions
Depending on the scenario, the user accounts must have the permissions listed in the following subsections:
- Permissions for Guest Processing
Permissions for Backup to Object Storage
If you plan to back up data to object storage, make sure that the user account that you use to connect to the object storage has the required permissions. The list of required permissions differs depending on the selected object storage:
If you plan to back up data to the Amazon S3 or S3 compatible storage, make sure the user account that you plan to use has the following permissions:
Identity-based permission:
{
"s3:ListAllMyBuckets"
}Resource-based permissions:
{
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetBucketVersioning",
"s3:GetBucketObjectLockConfiguration"
}TIP
For information about required permissions for Amazon S3 storage with immutability enabled, see the Using Object Storage Repositories section in the Veeam Backup & Replication User Guide.
If you plan to back up data to the Google Cloud storage, make sure the user account that you plan to use has the following permissions:
{
"storage.buckets.get",
"storage.buckets.list",
"storage.objects.create",
"storage.objects.delete",
"storage.objects.get",
"storage.objects.list"
}Permissions for Guest Processing
To use guest processing, make sure to configure user accounts according to the requirements listed in this section.
Consider the following general requirements when choosing a user account:
- The user account must have root privileges.
- The user account must have the home directory created.
Depending on the application you need to back up, the user account must have the permissions listed in the table below:
Application
Required Permission
MySQL
To process the MySQL database system, the MySQL user account must have the following privileges:
- SELECT for all tables. This privilege is required to allow Veeam Agent to access table metadata. To learn more, see MySQL documentation.
- LOCK TABLES. This privilege is required to allow Veeam Agent to process tables based on the MyISAM storage engine.
- RELOAD. This privilege is required to allow the MySQL user account to perform FLUSH operations.
Oracle
To back up Oracle data, the user account must be granted SYSDBA privileges. You can use either the same account that was specified at the Guest Processing step if such an account is a member of the OSDBA and OINSTALL groups, or you can use any other account that has SYSDBA privileges. For more information about specifying a user account, see Application-Aware Processing.
To perform guest processing for Oracle databases on Linux servers, make sure that the /tmp directory is mounted with the exec option. Otherwise, you will get a "Permission denied" error.
PostgreSQL
To back up PostgreSQL instances, the user account must have the superuser privileges for the PostgreSQL instance. For more information, see PostgreSQL documentation.