* Michael Paquier (michael.paquier@gmail.com) wrote:
> On Tue, Jul 21, 2015 at 4:47 PM, Andrew Beverley <andy@andybev.com> wrote:
> > Dear all,
> >
> > I'm setting up hot backups on my database server. As such, I'd like to set up a
> > Postgres user that has access to only pg_start_backup and pg_stop_backup.
> >
> > I'm unable to work out how to do this with the various GRANT options. Can someone
> > point me in the right direction please? Or is there a better way to achieve this,
> > rather than having a dedicated user?
>
> Access to pg_start_backup and pg_stop_backup can be done with either a
> replication user or a superuser. You can define user with such rights
> with CREATE ROLE with the keyword REPLICATION:
> http://www.postgresql.org/docs/devel/static/sql-createrole.html
Note that the REPLICATION role gets a great deal more access than simply
being able to run pg_start/stop_backup, such as being able to connect to
the magic replication database and be able to stream the contents of the
database.
Would be great to understand your use-case better, to see if the
proposed default roles would be a better eventual solution for you.
Thanks,
Stephen