Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-sql-owner+archive@lists.postgresql.org>)
	id 1sM9y8-000so8-Pg
	for pgsql-sql@arkaria.postgresql.org; Tue, 25 Jun 2024 17:28:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-sql-owner+archive@lists.postgresql.org>)
	id 1sM9y5-00H3Pz-WA
	for pgsql-sql@arkaria.postgresql.org; Tue, 25 Jun 2024 17:28:34 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <steve.midgley.mixrun@gmail.com>)
	id 1sM9y5-00H3Pr-Mn
	for pgsql-sql@lists.postgresql.org; Tue, 25 Jun 2024 17:28:34 +0000
Received: from mail-ej1-f51.google.com ([209.85.218.51])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <steve.midgley.mixrun@gmail.com>)
	id 1sM9xz-0035dN-0Q
	for pgsql-sql@lists.postgresql.org; Tue, 25 Jun 2024 17:28:32 +0000
Received: by mail-ej1-f51.google.com with SMTP id
 a640c23a62f3a-a6cb130027aso391145366b.2
        for <pgsql-sql@lists.postgresql.org>;
 Tue, 25 Jun 2024 10:28:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1719336505; x=1719941305;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Aj6yspyoBKtIGikij0it3GFPhcblA3j96E/W8ZXqdaQ=;
        b=hpXwpmniGVqoufXkvFLYTC0V+PlMF41HarONLNlqLGbJDk2s40VFRx4IXWhGLEwgpj
         3faSQOejoq9HvGQzVECaGLUZeRQgNKYKmbPxHvZn3DZPjdkNJEm1SIj1UozEZtDGDmER
         etCRtoIPWjKpk1r/z9MDlR1wKFp4ihkjybuIkH91QClt2PKQJVlEBlBM0PYC7g6s8PxR
         zEeafqDw1cb9xsar0jvmX6Tj9KXuXZqIXL5qPc4YeTzMtGCwXuD8COAEdWxe08LN7JJD
         /AJSqrG/Ph/n6GTjT1zCz5GJqa59d7Lry4frv4FyudcC9Wj13/OLO3HxuXaZRulP57b0
         8C1A==
X-Gm-Message-State: AOJu0YykWX6HFSyMJ9bMylkG6EPNbO4666aKBuwNbgRI8xL0CBobmvPl
	aEzFqSfWHTXiQQX1f6eu/A4GTsEht7x4iM4WskURsfptJmE5hy11PLpAS9Cm
X-Google-Smtp-Source: 
 AGHT+IGcA5ibTMRdbhAX1Vbrvej3QAbk0MldLrTChl4+t3b7FLmyNWyLz8xCiHpWE/kRdCXcYo/xsw==
X-Received: by 2002:a50:9f6d:0:b0:57c:671d:8455 with SMTP id
 4fb4d7f45d1cf-57d4bd728c8mr6582521a12.14.1719336504662;
        Tue, 25 Jun 2024 10:28:24 -0700 (PDT)
Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com.
 [209.85.221.41])
        by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-57d30535232sm6166104a12.72.2024.06.25.10.28.24
        for <pgsql-sql@lists.postgresql.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 25 Jun 2024 10:28:24 -0700 (PDT)
Received: by mail-wr1-f41.google.com with SMTP id
 ffacd0b85a97d-3629c517da9so5676159f8f.2
        for <pgsql-sql@lists.postgresql.org>;
 Tue, 25 Jun 2024 10:28:24 -0700 (PDT)
X-Received: by 2002:adf:fe06:0:b0:35f:1d5e:e2ca with SMTP id
 ffacd0b85a97d-366e94d9737mr6098838f8f.39.1719336503888; Tue, 25 Jun 2024
 10:28:23 -0700 (PDT)
MIME-Version: 1.0
References: <A9A63660-310A-4F87-B01D-998E3A3A086A@Chaos1.DE>
In-Reply-To: <A9A63660-310A-4F87-B01D-998E3A3A086A@Chaos1.DE>
From: Steve Midgley <science@misuse.org>
Date: Tue, 25 Jun 2024 10:28:11 -0700
X-Gmail-Original-Message-ID: 
 <CAJexoSKVniyo9pkvZpwVEF13AaMzeqF_WA_NdK3YdjRWednPhg@mail.gmail.com>
Message-ID: 
 <CAJexoSKVniyo9pkvZpwVEF13AaMzeqF_WA_NdK3YdjRWednPhg@mail.gmail.com>
Subject: Re: struggling with GRANT while upgrading from 13 to 16
To: Axel Rau <Axel.Rau@chaos1.de>
Cc: pgsql-sql@lists.postgresql.org
Content-Type: multipart/alternative; boundary="000000000000905b6a061bba3914"
List-Id: <pgsql-sql.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-sql@lists.postgresql.org>
List-Owner: <mailto:pgsql-sql-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-sql>
Archived-At: 
 <https://www.postgresql.org/message-id/CAJexoSKVniyo9pkvZpwVEF13AaMzeqF_WA_NdK3YdjRWednPhg%40mail.gmail.com>
Precedence: bulk

--000000000000905b6a061bba3914
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 25, 2024 at 10:05=E2=80=AFAM Axel Rau <Axel.Rau@chaos1.de> wrot=
e:

> Hi all,
>
> I=E2=80=99m getting
>
> ERROR:  permission denied to grant privileges as role "axel"
> DETAIL:  The grantor must have the ADMIN option on role "daemons".
> ERROR:  permission denied to grant privileges as role "axel"
> DETAIL:  The grantor must have the ADMIN option on role "daemons".
> ERROR:  permission denied to grant privileges as role "axel"
> DETAIL:  The grantor must have the ADMIN option on role "xtrole".
> ERROR:  permission denied to grant privileges as role "axel"
> DETAIL:  The grantor must have the ADMIN option on role "xtrole".
>
> while trying load a dump from 13 into 16 server.
>
> Correcting this on 13 seems impossible as new syntax/options are required=
.
>
> What would be the upgrade path to fix this?
> What would be the SQL phrase to do it ?
>

Is there a reason you can't grant axel those other roles as admin? Such as:

GRANT daemons TO axel WITH ADMIN OPTION;
GRANT xtrole TO axel WITH ADMIN OPTION;

I may be missing something really basic, but if you do that on v16 before
running the load, would that fix it? Maybe there are security implications
for your setup that make this unthinkable, but if that's true, having
daemons and xtrole connected to these tables / data might be a problem more
generally?

Steve

--000000000000905b6a061bba3914
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=
=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, Jun 25, 2024=
 at 10:05=E2=80=AFAM Axel Rau &lt;<a href=3D"mailto:Axel.Rau@chaos1.de">Axe=
l.Rau@chaos1.de</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pad=
ding-left:1ex">Hi all,<br>
<br>
I=E2=80=99m getting<br>
<br>
ERROR:=C2=A0 permission denied to grant privileges as role &quot;axel&quot;=
<br>
DETAIL:=C2=A0 The grantor must have the ADMIN option on role &quot;daemons&=
quot;.<br>
ERROR:=C2=A0 permission denied to grant privileges as role &quot;axel&quot;=
<br>
DETAIL:=C2=A0 The grantor must have the ADMIN option on role &quot;daemons&=
quot;.<br>
ERROR:=C2=A0 permission denied to grant privileges as role &quot;axel&quot;=
<br>
DETAIL:=C2=A0 The grantor must have the ADMIN option on role &quot;xtrole&q=
uot;.<br>
ERROR:=C2=A0 permission denied to grant privileges as role &quot;axel&quot;=
<br>
DETAIL:=C2=A0 The grantor must have the ADMIN option on role &quot;xtrole&q=
uot;.<br>
<br>
while trying load a dump from 13 into 16 server.<br>
<br>
Correcting this on 13 seems impossible as new syntax/options are required.<=
br>
<br>
What would be the upgrade path to fix this?<br>
What would be the SQL phrase to do it ?<br></blockquote><div><br></div><div=
>Is there a reason you can&#39;t grant axel those other roles as admin? Suc=
h as:<br><div><br></div><div>GRANT daemons TO axel WITH ADMIN OPTION;<br></=
div>GRANT xtrole TO axel WITH ADMIN OPTION;=C2=A0</div><div><br></div><div>=
I may be missing something really basic, but if you do that on v16 before r=
unning the load, would that fix it? Maybe there are security implications f=
or your setup that make this unthinkable, but if that&#39;s true, having da=
emons and xtrole connected to these tables / data might be a problem more g=
enerally?</div><div><br></div><div>Steve</div></div></div></div>

--000000000000905b6a061bba3914--