SQL Server Backup Permissions

This article will take you through the list of minimum required backup permissions a user needs to have in order to be allowed to make the most basic backup operation.

Minimum Backup Permissions

To create a user and give this user minimum permissions in order to just backup the database, without being able to read or modify the data in the database, here is how you have to configure this user.

When setting the Login Properties for the user make sure that in the Server Roles section, public is checked (it should be automatically).

In the User Mapping menu section which gives you access to the **Database Level **permissions, make sure you select the database you want to give the user backup permissions to.

Then, make sure you check the following list of roles for the selected user, on the selected database in order to give this user just backup permissions:

  • db_backupoperator – This role will allow the user to take backups of the database
  • db_denydatareader – This role will deny the user access to the database’s data, so the user cannot read the data from its tables
  • db_denydatawriter – This role will deny the user access to modify the database’s data, so the user cannot run any UPDATE or DELETE queries
  • public – Every user that is set up on the database is part of the public database role. When a user is denied access permission on a securable object, that user will inherit the permission to the public for that object.