For most backup operations, the mysqlbackup
command connects to the MySQL server through
--user
and --password
options.
This user requires certain privileges. You can either create a
new user with a minimal set of privileges, or use an
administrative account such as the root user.
The minimum privileges for the MySQL user that mysqlbackup connects are:
RELOAD
on all databases and tables.CREATE
,INSERT
,DROP
, andUPDATE
on the tablesmysql.backup_progress
andmysql.backup_history
, and alsoSELECT
onmysql.backup_history
.SUPER
, to enable and disable logging, and to optimize locking in order to minimize disruption to database processing.REPLICATION CLIENT
, to retrieve the binlog position, which is stored with the backup.
To set these privileges for a MySQL user
(mysqlbackup
in this example) connecting from
localhost, issue statements like the following from the
mysql
client program:
GRANT RELOAD ON *.* TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, DROP, UPDATE ON mysql.backup_progress TO 'mysqlbackup'@'localhost';
GRANT CREATE, INSERT, SELECT, DROP, UPDATE ON mysql.backup_history TO 'mysqlbackup'@'localhost';
GRANT REPLICATION CLIENT ON *.* TO 'mysqlbackup'@'localhost';
GRANT SUPER ON *.* TO 'mysqlbackup'@'localhost';
The following additional privileges are required for using transportable tablespaces (TTS) to back up and restore InnoDB tables:
LOCK TABLES and SELECT for backing up tables
CREATE and ALTER for restoring tables
To set these privileges, issue a statement like the following
from the mysql
client program:
GRANT LOCK TABLES, SELECT, CREATE, ALTER ON *.* TO 'mysqlbackup'@'localhost';