| From: | "Euler Taveira" <euler(at)eulerto(dot)com> |
|---|---|
| To: | Álvaro Rodríguez <alvaro(at)datadoghq(dot)com>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | "Javier Maellas" <javier(dot)maellas(at)datadoghq(dot)com>, "Diego Revenga" <diego(dot)revengagonzalez(at)datadoghq(dot)com> |
| Subject: | Re: pg_dumpall can't be restored with different bootstrap superuser |
| Date: | 2026-05-05 18:23:01 |
| Message-ID: | fb3f446c-3a5e-40c0-82da-18ce6b81926b@app.fastmail.com |
| Lists: | pgsql-bugs |
On Tue, May 5, 2026, at 7:51 AM, Álvaro Rodríguez wrote:
>
> We have hit an issue with pg_dumpall --roles-only where the role grants
> to other roles can't be reapplied in a clean database, if the bootstrap
> superuser does not have the same name in both databases.
>
This is not a bug. There is no way that pg_dumpall knows that the bootstrap
user you want is another one. If you want to share roles and their properties
between clusters, don't use different bootstrap users. If you do so, you should
execute another step between dump and restore to replace the source bootstrap
user with the target bootstrap user or even collect the error messages and
rewrite the affected SQL commands.

I don't think an option to inject an arbitrary grantor is acceptable for security
concerns. There isn't a role specification like BOOTSTRAP_USER (similar to
CURRENT_ROLE or SESSION_USER) that would avoid this situation. Maybe we should
add a sentence saying that GRANT on roles requires the same bootstrap user.
--
Euler Taveira
EDB https://www.enterprisedb.com/
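
The intermediate step between dump and restore that the message describes could look like the following. This is an added example, not code from the thread or from PostgreSQL: the function names, the sample dump lines and the role names (`cluster_admin`, `app_owner`, and so on) are constructed for illustration. It rewrites the grantor only on role-membership `GRANT` lines and only when the grantor is exactly the source bootstrap user, leaving every other grantor in the dump as it was.

```python
import re

# Constructed sample of `pg_dumpall --roles-only` output (not taken from the thread).
SAMPLE_DUMP = """\
CREATE ROLE app_owner;
CREATE ROLE postgres;
ALTER ROLE postgres WITH SUPERUSER LOGIN;
GRANT app_owner TO app_reader WITH INHERIT TRUE GRANTED BY postgres;
GRANT app_reader TO reporting GRANTED BY app_owner;
GRANT app_owner TO "Ops Team" GRANTED BY "postgres";
"""


def quote_ident(name):
    """Double-quote an identifier, doubling embedded quotes (valid for any role name)."""
    return '"' + name.replace('"', '""') + '"'


def rewrite_grantor(dump_sql, source, target):
    """Replace GRANTED BY <source> with GRANTED BY <target> on role GRANT lines.

    Returns (new_sql, number_of_lines_rewritten). Only an exact match of the
    source role as grantor is rewritten; other grantors are left untouched.
    """
    # The source name may appear bare or double-quoted in the dump.
    forms = {quote_ident(source)}
    if re.fullmatch(r"[a-z_][a-z0-9_]*", source):
        forms.add(source)
    alt = "|".join(re.escape(f) for f in sorted(forms, key=len, reverse=True))
    pattern = re.compile(r"^(GRANT .+ TO .+ GRANTED BY )(?:%s);$" % alt)

    out, count = [], 0
    for line in dump_sql.splitlines():
        m = pattern.match(line)
        if m:
            # Always quote the replacement so any target role name is valid SQL.
            line = m.group(1) + quote_ident(target) + ";"
            count += 1
        out.append(line)
    return "\n".join(out) + "\n", count


if __name__ == "__main__":
    new_sql, n = rewrite_grantor(SAMPLE_DUMP, "postgres", "cluster_admin")
    print(new_sql, end="")
    print("-- rewrote %d grantor clause(s)" % n)
```

Reviewing the rewrite count against the number of `GRANTED BY` lines in the dump shows how many grants still name a grantor other than the bootstrap user.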