Permissions
Depending on the scenario, the user accounts must have the permissions listed in the following subsections:
- Permissions for Backup to Object Storage
- Permissions for Guest Processing
Permissions for Backup to Object Storage
If you plan to back up data to object storage, make sure that the user account that you use to connect to the object storage has the required permissions. The list of required permissions differs depending on the selected object storage:
If you plan to back up data to Amazon S3 or S3-compatible storage, make sure the user account that you plan to use has the following permissions:
Identity-based permission:
{
"s3:ListAllMyBuckets"
}
Resource-based permissions:
{
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketVersioning",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
}
TIP
For information about required permissions for Amazon S3 storage with immutability enabled, see the Using Object Storage Repositories section in the Veeam Backup & Replication User Guide.
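The following added example (not part of the Veeam documentation) builds an IAM policy document that grants only the Amazon S3 actions listed above, and audits an existing policy for missing or excess actions. The bucket name, the function names and the split of actions between the bucket ARN and the object ARN are assumptions of this example; Deny statements and Resource scoping of an audited policy are not evaluated.

```python
import fnmatch

# Action names copied from the lists above. Assumption of this example: each
# action is scoped to the resource type it operates on (account, bucket, object).
ACCOUNT_ACTIONS = ["s3:ListAllMyBuckets"]
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:GetBucketObjectLockConfiguration",
                  "s3:GetBucketVersioning", "s3:ListBucket"]
OBJECT_ACTIONS = ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"]
REQUIRED = ACCOUNT_ACTIONS + BUCKET_ACTIONS + OBJECT_ACTIONS


def build_policy(bucket):
    """Return an IAM policy document that grants only the listed actions."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ACCOUNT_ACTIONS, "Resource": "*"},
            {"Effect": "Allow", "Action": BUCKET_ACTIONS, "Resource": arn},
            {"Effect": "Allow", "Action": OBJECT_ACTIONS, "Resource": f"{arn}/*"},
        ],
    }


def _as_list(value):
    # IAM allows a single string where a list is expected.
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy):
    """Return (missing, excess): required actions that no Allow statement
    grants, and granted action patterns outside the required list."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    granted = [a for s in stmts if s.get("Effect") == "Allow"
               for a in _as_list(s.get("Action", []))]
    required = {r.lower() for r in REQUIRED}
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    missing = sorted(r for r in REQUIRED if not any(
        fnmatch.fnmatchcase(r.lower(), g.lower()) for g in granted))
    excess = sorted({g for g in granted if g.lower() not in required})
    return missing, excess


if __name__ == "__main__":
    import json
    print(json.dumps(build_policy("example-backup-bucket"), indent=2))
    # Constructed over-broad policy: every S3 action on every resource.
    broad = {"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
    print(audit_policy(broad))
```

A non-empty excess list, such as the wildcard grant in the constructed policy, means the account can do more than the backup job needs.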
If you plan to back up data to Google Cloud storage, make sure the user account that you plan to use has the following permissions:
{
"storage.buckets.get",
"storage.buckets.list",
"storage.objects.create",
"storage.objects.delete",
"storage.objects.get",
"storage.objects.list"
}
Permissions for Guest Processing
To use guest processing, make sure to configure user accounts according to the requirements listed in this section.
Consider the following general requirements when choosing a user account:
- The user account must have root privileges.
- The user account must have the home directory created.
Depending on the application you need to back up, the user account must have the permissions listed in the table below:
Application
Required Permission
MySQL
To process the MySQL database system, the MySQL user account must have the following privileges:
- SELECT for all tables. This privilege is required to allow Veeam Agent to access table metadata. To learn more, see MySQL documentation.
- LOCK TABLES. This privilege is required to allow Veeam Agent to process tables based on the MyISAM storage engine.
- RELOAD. This privilege is required to allow the MySQL user account to perform FLUSH operations.
Oracle
To back up Oracle data, the user account must be granted SYSDBA privileges. You can use either the same account that was specified at the Guest Processing step if such an account is a member of the OSDBA and OINSTALL groups, or you can use any other account that has SYSDBA privileges.
To perform guest processing for Oracle databases on Linux servers, make sure that the /tmp directory is mounted with the exec option. Otherwise, you will get a "Permission denied" error.
PostgreSQL
To back up PostgreSQL instances, the user account must have the superuser privileges for the PostgreSQL instance. For more information, see PostgreSQL documentation.