Permissions
Depending on the scenario, the user accounts must have the permissions listed in the following subsections:
- Permissions for Guest Processing
Permissions for Backup to Object Storage
If you plan to back up data to object storage, make sure that the user account that you use to connect to the object storage has the required permissions. The list of required permissions differs depending on the selected object storage:
{
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketVersioning",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
}TIP
For information about required permissions for Amazon S3 storage with immutability enabled, see the Using Object Storage Repositories section in the Veeam Backup & Replication User Guide.
{
"storage.buckets.get",
"storage.buckets.list",
"storage.objects.create",
"storage.objects.delete",
"storage.objects.get",
"storage.objects.list"
}Permissions for Guest Processing
Consider the following general requirements when choosing a user account:
Application
Required Permission
MySQL
To process the MySQL database system, the MySQL user account must have the following privileges:
- SELECT for all tables. This privilege is required to allow Veeam Agent to access table metadata. To learn more, see MySQL documentation.
- LOCK TABLES. This privilege is required to allow Veeam Agent to process tables based on the MyISAM storage engine.
- RELOAD. This privilege is required to allow the MySQL user account to perform FLUSH operations.
Oracle
To back up Oracle data, the user account must be granted SYSDBA privileges. You can use either the same account that was specified at the Guest Processing step if such an account is a member of the OSDBA and OINSTALL groups, or you can use any other account that has SYSDBA privileges.
To perform guest processing for Oracle databases on Linux servers, make sure that the /tmp directory is mounted with the exec option. Otherwise, you will get a "Permission denied" error.
PostgreSQL
To back up PostgreSQL instances, the user account must have the superuser privileges for the PostgreSQL instance. For more information, see PostgreSQL documentation.