Platform: WindowsProducts: Managed Backup (Web)
Article ID: kb00047Last Modified: 10-Nov-2025

SQL Server Backup Permissions

This article will take you through the list of minimum required backup permissions a user needs to have in order to be allowed to make the most basic backup operations.

Minimum Backup Permissions

  1. To create a user and assign this user minimum permissions in order to just backup the database, without being able to read or modify the data in the database, proceed with the below steps.

When setting the Login Properties for your user, make sure that in the Server Roles section, public is checked (it is expected to be checked automatically).

If you wish proceed without a sysadmin role for your user, the option Check if the specified account has necessary permissions to perform backup should be disabled in SQL backup plan wizard of Backup Agent:

Otherwise, the following error will be expected during SQL backup plan setup:

  1. In the User Mapping menu section, which gives you access to the Database Level permissions, make sure you select the database you want to give the user backup permissions to.

  1. Lastly, make sure you check the following list of roles for your user on the selected database in order to give your user only the backup permissions:
    • db_backupoperator – This role will allow the user to take backups of the database.
    • db_denydatareader – This role will deny the user access to the database’s data, so the user cannot read the data from its tables.
    • db_denydatawriter – This role will deny the user access to modify the database’s data, so the user cannot run any UPDATE or DELETE queries.
    • public – Every user that is set up on the database is part of the public database role. When a user is denied access permission on a securable object, that user will inherit the permission to the public for that object.

If, during SQL backup plan setup in Backup agent, on the Select MS SQL Server Instance step, you pass user authentication but encounter The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys' error, or do not see any DBs listed on the Select Databases step, then consider disabling db_denydatareader and db_denydatawriter permissions for your user in the User Mapping menu.

https://git.cloudberrylab.com/egor.m/doc-help-kb.git
Production