diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 68908dcb7b..24e93f9b28 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -2647,6 +2647,11 @@ The commands accepted in replication mode are:
blackhole, the backup data is not sent
anywhere; it is simply discarded.
+
+
+ The server target requires superuser privilege or
+ being granted the pg_write_server_files role.
+
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
index dfd8aebc9a..1546f10c0d 100644
--- a/doc/src/sgml/ref/pg_basebackup.sgml
+++ b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -237,7 +237,8 @@ PostgreSQL documentation
server:/some/path, the backup will be stored on
the machine where the server is running in the
/some/path directory. Storing a backup on the
- server requires superuser privileges. If the target is set to
+ server requires superuser privileges or being granted the
+ pg_write_server_files role. If the target is set to
blackhole, the contents are discarded and not
stored anywhere. This should only be used for testing purposes, as you
will not end up with an actual backup.
diff --git a/src/backend/replication/basebackup_server.c b/src/backend/replication/basebackup_server.c
index ce1b7b4797..18b0e11d90 100644
--- a/src/backend/replication/basebackup_server.c
+++ b/src/backend/replication/basebackup_server.c
@@ -10,10 +10,12 @@
*/
#include "postgres.h"
+#include "catalog/pg_authid.h"
#include "miscadmin.h"
#include "replication/basebackup.h"
#include "replication/basebackup_sink.h"
#include "storage/fd.h"
+#include "utils/acl.h"
#include "utils/timestamp.h"
#include "utils/wait_event.h"
@@ -65,10 +67,10 @@ bbsink_server_new(bbsink *next, char *pathname)
sink->base.bbs_next = next;
/* Replication permission is not sufficient in this case. */
- if (!superuser())
+ if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser to create server backup")));
+ errmsg("must be superuser or a member of the pg_write_server_files role to create server backup")));
/*
* It's not a good idea to store your backups in the same directory that