Thread: BUG #16795: Can't give "grant execute on pg_start_backup to .."
The following bug has been logged on the website: Bug reference: 16795 Logged by: Ken Email address: ken.karma@gmail.com PostgreSQL version: 13.1 Operating system: CentOS Linux release 7.9.2009 Description: I'm want to make backup user who haven't SUPERUSER, but have "Replication" role what must be enough, in document: 25.3.3.1. Making a Non-Exclusive Low-Level Backup A non-exclusive low level backup is one that allows other concurrent backups to be running (both those started using the same backup API and those started using pg_basebackup). Ensure that WAL archiving is enabled and working. Connect to the server (it does not matter which database) as a user with rights to run pg_start_backup (superuser, or a user who has been granted EXECUTE on the function) and issue the command: SELECT pg_start_backup('label', false, false); But I can't give this grant: psql -U postgres psql (13.1) Type "help" for help. postgres=# create role backup replication login; CREATE ROLE postgres=# grant pg_read_all_settings to backup ; GRANT ROLE postgres=# grant SELECT on pg_start_backup to backup ; ERROR: relation "pg_start_backup" does not exist postgres=# grant EXECUTE on pg_catalog.pg_start_backup to backup ; ERROR: relation "pg_catalog.pg_start_backup" does not exist postgres=# grant SELECT on pg_catalog.pg_start_backup to backup ; ERROR: relation "pg_catalog.pg_start_backup" does not exist postgres=# select pg_start_backup('Daily backup'); pg_start_backup ----------------- 0/10000028 (1 row) postgres=# \df pg_start_backup ; List of functions Schema | Name | Result data type | Argument data types | Type ------------+-----------------+------------------+------------------------------------------------------------------------+------ pg_catalog | pg_start_backup | pg_lsn | label text, fast boolean DEFAULT false, exclusive boolean DEFAULT true | func (1 row) [root@host.test.mta ~]# psql -U backup postgres psql (13.1) Type "help" for help. postgres=> select pg_start_backup('Daily backup'); ERROR: permission denied for function pg_start_backup postgres=> \du+ List of roles Role name | Attributes | Member of | Description -----------+------------------------------------------------------------+------------------------+------------- backup | Replication | {pg_read_all_settings} | postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} | In PostrgreSQL log: 2020-12-28 19:20:07.696 EET postgres postgres [10076]ERROR: relation "pg_catalog.pg_start_backup" does not exist 2020-12-28 19:20:07.696 EET postgres postgres [10076]STATEMENT: grant EXECUTE on pg_catalog.pg_start_backup to backup ; 2020-12-28 19:21:48.853 EET postgres postgres [10076]ERROR: relation "pg_catalog.pg_start_backup" does not exist 2020-12-28 19:21:48.853 EET postgres postgres [10076]STATEMENT: grant SELECT on pg_catalog.pg_start_backup to backup ; 2020-12-28 20:18:30.281 EET postgres backup [12482]ERROR: permission denied for function pg_start_backup 2020-12-28 20:18:30.281 EET postgres backup [12482]STATEMENT: select pg_start_backup('Daily backup'); Do I miss something, why can't I give execute on pg_start_backup to user backup?
PG Bug reporting form <noreply@postgresql.org> writes: > postgres=# grant EXECUTE on pg_catalog.pg_start_backup to backup ; > ERROR: relation "pg_catalog.pg_start_backup" does not exist pg_start_backup is a function not a table. Try grant execute on function pg_start_backup to backup; (In versions before PG10 you'd need to specify the function's arguments too. Newer versions allow this shortcut as long as there's only one function by that name.) regards, tom lane
Hi, Thank You Tom!
This is true, sorry for the wrong bug reporting.
Best regards,
Ken K
28.12.20 22:48 Tom Lane kirjutas:
grant execute on function pg_start_backup to backup;