Project: Backup and Migrate
Version: 7.x-2.x-dev
Component: Miscellaneous
Category: feature request
Priority: normal
Assigned: Unassigned
Status: active

Issue Summary

I did not find an appropriate permission setting for my purpose:
- give a non-IT super user the rights to restore the database from a previous scheduled backup.

To do that, I had to set:
- access backup and migrate
- access backup files
- restore from backup

With this setting, the following link
admin/content/backup_migrate/destination/list/files/scheduled

gives access to the available files for restore.

This is pretty good, but:
- the option for "download" is still available, which might only be puzzling for a non-IT person
- 2 tabs, "Destination Files" and "Restore from backup", are present, which lead to "Access denied" when clicked
- this gives access to any file from any destination

I have no particular proposal, but I found the current permission set quite inconsistent:
- "restore from backup" and "access backup files" are essentially redundant, but both need to be set to restore the database
- "restore from backup" does not give the right to select the destination to restore from

Maybe having:
- a basic permission "restore from scheduled backup" that only gives access to files at that destination
- an extension permission "select backup destination"
- an extension permission "download database"

could be more appropriate.

This module works great by the way.

Comments

#1

keeping on top of my list

#2

Status: active » closed (won't fix)

Hi there,

I'm sorry the current permissions don't suit your need, but given how destructive this module can be there isn't a whole lot of point in making the permissions too fine-grained, so I don't plan on expanding them to any major degree. Basically, my philosophy here is that if you can't trust your users completely (both their integrity and their competence) then they shouldn't have any access to B&M whatsoever.

- the option for "download" is still available, which might only be puzzling for a non-IT person

I guess I understand that, but if you trust your user with the restore function I think you may have to trust them to figure out what 'download' means.

- this gives access to any file from any destination

Implementing per-destination access permissions is a big task and not one I would have the bandwidth to take on.

- "restore from backup" and "access backup files" are essentially redundant, but both need to be set to restore the database

Not really, I can see the need to allow users to download backup files (for local development, say) but not restore a live site.

- "restore from backup" does not give the right to select the destination to restore from

You should be able to restore from an upload unless this is broken.

I hope all this makes sense.

#3

Thanks!
You are right, non-IT users should not be allowed to do that.
In this sense, maybe permissions are still too clumsy...

#4

Version: 6.x-2.2 » 7.x-2.x-dev
Status: closed (won't fix) » active

It would be _very_ useful if we could allow "any" users to evaluate and test a site while making backups themselves before each major step to the _server_, without the possibility to download the backup.

Imagine how many settings, information, API keys, unpublished posts, user account names/email addresses, etc. can be inside that backup, which such users should not get to.
It is still very useful to offer them a way to secure their work "so far" for each step, so that whenever something goes wrong, a restore can be made by an admin from either the previous state or a given time.

Therefore, I regard a permission to download (instead of storing on the server) as quite important.
Reopening for discussion.

Edit: My point is to be able to use a role-based permission to limit who can download the backups, to force selected user roles to back up ONLY to the server.
See also: #1811616: Option to restrict downloads to SSL connections.