MySQL Enterprise Backup User's Guide (Version 3.11.1)
For most backup operations, the mysqlbackup
command connects to the MySQL server through
--user and --password options.
This user requires certain privileges. You can either create a
new user with a minimal set of privileges, or use an
administrative account such as the root user.
The minimum privileges for the MySQL user that mysqlbackup connects are:
RELOAD on all databases and tables.
CREATE, INSERT,
DROP, and UPDATE on
the tables mysql.backup_progress and
mysql.backup_history, and also
SELECT on
mysql.backup_history.
SUPER, to enable and disable logging, and
to optimize locking in order to minimize disruption to
database processing.
REPLICATION CLIENT, to retrieve the
binlog
position, which is stored with the backup.
To set these privileges for a MySQL user
(mysqlbackup in this example) connecting from
localhost, issue statements like the following from the
mysql client program:
GRANT RELOAD ON *.* TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, DROP, UPDATE ON mysql.backup_progress TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, SELECT, DROP, UPDATE ON mysql.backup_history TO 'mysqlbackup'@'localhost';
GRANT REPLICATION CLIENT ON *.* TO 'mysqlbackup'@'localhost';
GRANT SUPER ON *.* TO 'mysqlbackup'@'localhost';
The following additional privileges are required for using transportable tablespaces (TTS) to back up and restore InnoDB tables:
LOCK TABLES and SELECT for backing up tables
CREATE and ALTER for restoring tables
To set these privileges, issue a statement like the following
from the mysql client program:
GRANT LOCK TABLES, SELECT, CREATE, ALTER ON *.* TO 'mysqlbackup'@'localhost';