public inbox for [email protected]
help / color / mirror / Atom feedFrom: Euler Taveira <[email protected]>
To: Álvaro Rodríguez <[email protected]>
To: [email protected]
Cc: Javier Maellas <[email protected]>
Cc: Diego Revenga <[email protected]>
Subject: Re: pg_dumpall can't be restored with different bootstrap superuser
Date: Tue, 05 May 2026 15:23:01 -0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <CA+C_kKWHMP4c56jx1BPvP1jmjp2pmBu0Cw07fPVECUmkJSnT4w@mail.gmail.com>
References: <CA+C_kKWHMP4c56jx1BPvP1jmjp2pmBu0Cw07fPVECUmkJSnT4w@mail.gmail.com>
On Tue, May 5, 2026, at 7:51 AM, Álvaro Rodríguez wrote:
>
> We have hit an issue with pg_dumpall --roles-only where the role grants
> to other roles can't be reapplied in a clean database, if the bootstrap
> superuser does not have the same name in both databases.
>
This is not a bug. There is no way that pg_dumpall knows that the bootstrap
user you want is another one. If you want to share roles and its properties
between clusters, don't use different bootstrap users. If you do so, you should
execute another step between dump and restore to replace the source bootstrap
user with the target bootstrap user or even collect the error messages and
rewrite the affected SQL commands.
I don't think an option to inject arbitrary grantor is acceptable for security
concerns. There isn't a role specification like BOOTSTRAP_USER (similar to
CURRENT_ROLE or SESSION_USER) that would avoid this situation. Maybe we should
add a sentence saying that GRANT on roles requires the same bootstrap user.
--
Euler Taveira
EDB https://www.enterprisedb.com/
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: pg_dumpall can't be restored with different bootstrap superuser
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox