Home

Setting up rights

Prev Page Next Page
Introduction
Recovery models
Main backup types
Backing up the database files by copying
The transaction log
Transaction log restore sequence
Log sequence numbers
Truncating and shrinking the transaction log
Backing up the tail
Inside the transaction log
So, what's in a backup file?
Test: A full backup does not contain deleted data
Verifying backup files
Verifying backup files on a budget
Cumulative backups
Recovering individual tables
Backup and restore history details
Backup reads and writes
Speeding up backups
Backup speed details
Speeding up restores
Restore state affects speed too
Backup and restore rights
Log shipping
Log shipping in SQL Server 2000
Setting up log shipping using Enterprise Manager
Checking the set up
Failover
Log shipping in SQL Server 2005
Setting up log shipping using Management Studio
Checking the set up
Log shipping status report
Failover
Log shipping in SQL Backup
Using the CopyTool utility
Failover
3rd party backup applications
VDI
VDI versions
VDI errors
SQL Backup - beyond compression
Restoring a chain of transaction log backups
Restoring to the latest possible state
Backing up multiple databases
Backup retention
Making a copy of the backup file
Backup file naming conventions
Restoring the latest backup set
Network resilience
Encryption
Integrated database verification
Database file relocation
Improved backup retention
RESTORE HELP
High-availability group support
Common SQL Backup issues
Installation checklist
Setting up rights
Configuring service rights
Backup data
Hanging issues
Common backup and restore errors
Error 3201 - when performing a backup to a network share
Full database backup file is larger than database size
Error 3205 - Too many backup devices specified for backup or restore
Error 4305 - an earlier transaction log backup is required
Bringing a database that is in recovery or read-only mode online
Using bulk-logged recovery model but transaction log backup is still large
Error 14274 - unable to delete SQL Server Agent job
Error messages when restoring from different versions of SQL Server.
Pending
vdi error codes
Restore speed details
Help, my transaction log file is huge!
Mirror or log ship




This document explains the rights required by users and the SQL Backup Agent service. Examples in this document refer to individual user accounts, but it is more convenient in large environment to manage permissions by user groups.

Overview

SQL Backup services are carried out by the SQL Backup Agent service. This is a Windows service that is installed when you install the SQL Backup server components.

diagram1

Users or jobs run SQL Backup commands using extended stored procedures. A list of SQL Backup extended stored procedures can be found here.

diagram2

SQL Backup then communicates with SQL Server using the SQL Server Virtual Device Interface (VDI). See this document for details of the interaction between SQL Backup and SQL Server.

diagram3

During backup and restore processes, all data transfers are handled by the SQL Backup Agent service.

diagram4

Permissions and rights

- Users

rights_users

Users need rights to execute the relevant extended stored procedures. E.g.

GRANT EXECUTE ON sqlbackup TO user1

They also need to have rights to backup or restore the databases that they want to work with. E.g.

GRANT BACKUP DATABASE TO user1

Note that users need not have the SQL Server sysadmin fixed server role.

- SQL Backup Agent service

rights_service

All rights related to the SQL Backup Agent service comes from the user account used to start up the service. This user account needs to have the 'Log On As A Service' right in order to be able to start the service.

service_user

The service startup user needs to have the SQL Server sysadmin fixed server role. This is a requirement of the SQL Server VDI library.

sql_admin

The service startup user also needs rights to the relevant network shares if backup files will be stored to/retrived from network shares.

The service startup user also needs to have query rights to the SQL Server service details. If you attempt to perform a backup but it fails with error 1000, with the following error message:

Failed to create virtual device. Check that the SQL Server instance you are trying to connect to is running. Error code: (-2139684857: Failed to recognize the SQL Server instance name.)

you should then check if the SQL Backup Agent service startup user has been denied access rights to the related SQL Server service. You can do this by using the sc command line utility. The sc utility can also be used to grant rights.  You can download this utility (DACLReader) to check the current access control entries (ACEs) for a specific SQL Server service.  See this document for details.

SQL Backup GUI and command line

The SQL Backup 5 GUI was designed such that the user using it needs to be a SQL Server sysadmin. The SQL Backup 4 GUI does not have this requirement, but does require the user to have rights to the extended stored procedures.

If you use the command line interface (sqlbackupc.exe) to perform backups and restores, the user running the application needs to have the SQL Server sysadmin fixed server role. This is because the command line interface communicates directly with the VDI, and does not use the SQL Backup Agent service.




Document history
12/3/2008    Initial release.    
 
Copyright 2008 - 2021 Yohz Ventures Sdn Bhd. All rights reserved.
All product and company names are trademarks or registered trademarks of their respective owners.