From: Tom Lane
To: immerrr again
Cc: Pavel Luzanov, pgsql-general@lists.postgresql.org
Subject: Re: DROP ROLE blocked by pg_init_privs
Date: Tue, 25 Nov 2025 19:08:05 -0500
Message-ID: <1484313.1764115685@sss.pgh.pa.us>

immerrr again writes:
> Sorry, nvm, I forgot to drop the privileges in the repro. Can confirm, with
> 16.9 it works as expected:
> ...
> The same script with postgres:17 image fails with the error I have been
> describing:

The missing step here is

    DROP OWNED BY test_role;

You have to use that to get rid of "initial privileges" because
neither REVOKE nor ALTER DEFAULT PRIVILEGES will touch existing
initial privileges.

Pre-v17 didn't account for this properly and would allow you to
drop the role anyway, leaving dangling entries behind in
pg_init_privs.  While those are harmless in isolation, they
cause problems for later dump/restore activity.  See discussion
here:

https://www.postgresql.org/message-id/flat/1745535.1712358659%40sss.pgh.pa.us

            regards, tom lane
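
Added example, not part of the original message or of the PostgreSQL sources: one way to inspect the initial privileges that block the drop, remove the role, and look for the dangling pg_init_privs entries a pre-v17 server could leave behind. It assumes the role name test_role from the message and a session with sufficient privileges, run in each database where the role may hold privileges.

```sql
-- 1. List initial privileges that mention test_role as grantor or grantee.
--    privtype is 'i' for entries recorded by initdb, 'e' for extensions.
SELECT pg_describe_object(ip.classoid, ip.objoid, ip.objsubid) AS object,
       ip.privtype,
       a.grantor::regrole AS grantor,
       a.grantee::regrole AS grantee,
       a.privilege_type
FROM pg_init_privs AS ip
CROSS JOIN LATERAL aclexplode(ip.initprivs) AS a
WHERE a.grantor = 'test_role'::regrole
   OR a.grantee = 'test_role'::regrole;

-- 2. Remove the role. DROP OWNED BY revokes the role's privileges in the
--    current database and also drops the objects it owns there, so use
--    REASSIGN OWNED BY first if those objects must be kept.
BEGIN;
-- REASSIGN OWNED BY test_role TO some_other_role;  -- hypothetical target role
DROP OWNED BY test_role;
DROP ROLE test_role;
COMMIT;

-- 3. Find dangling entries: ACL items in pg_init_privs whose grantor or
--    grantee OID no longer matches any role (grantee 0 means PUBLIC).
SELECT pg_describe_object(ip.classoid, ip.objoid, ip.objsubid) AS object,
       ip.privtype,
       a.grantor AS grantor_oid,
       a.grantee AS grantee_oid,
       a.privilege_type
FROM pg_init_privs AS ip
CROSS JOIN LATERAL aclexplode(ip.initprivs) AS a
WHERE NOT EXISTS (SELECT 1 FROM pg_roles AS r WHERE r.oid = a.grantor)
   OR (a.grantee <> 0
       AND NOT EXISTS (SELECT 1 FROM pg_roles AS r WHERE r.oid = a.grantee));
```

Running the third query before a major-version upgrade or a dump/restore shows whether an earlier role drop left such entries in that database.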