MySQL Enterprise Backup User's Guide (Version 3.11.1)
For most backup operations, the mysqlbackup
command connects to the MySQL server through
--user
and --password
options.
This user requires certain privileges. You can either create a
new user with a minimal set of privileges, or use an
administrative account such as the root user.
The minimum privileges for the MySQL user that mysqlbackup connects are:
RELOAD
on all databases and tables.
CREATE
, INSERT
,
DROP
, and UPDATE
on
the tables mysql.backup_progress
and
mysql.backup_history
, and also
SELECT
on
mysql.backup_history
.
SUPER
, to enable and disable logging, and
to optimize locking in order to minimize disruption to
database processing.
REPLICATION CLIENT
, to retrieve the
binlog
position, which is stored with the backup.
To set these privileges for a MySQL user
(mysqlbackup
in this example) connecting from
localhost, issue statements like the following from the
mysql
client program:
GRANT RELOAD ON *.* TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, DROP, UPDATE ON mysql.backup_progress TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, SELECT, DROP, UPDATE ON mysql.backup_history TO 'mysqlbackup'@'localhost';
GRANT REPLICATION CLIENT ON *.* TO 'mysqlbackup'@'localhost';
GRANT SUPER ON *.* TO 'mysqlbackup'@'localhost';
The following additional privileges are required for using transportable tablespaces (TTS) to back up and restore InnoDB tables:
LOCK TABLES and SELECT for backing up tables
CREATE and ALTER for restoring tables
To set these privileges, issue a statement like the following
from the mysql
client program:
GRANT LOCK TABLES, SELECT, CREATE, ALTER ON *.* TO 'mysqlbackup'@'localhost';