Re: User/Roles, Owner, and privileges migration strategy

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Aditya D <dsaditya91(at)gmail(dot)com>
Cc: Ron <ronljohnsonjr(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: User/Roles, Owner, and privileges migration strategy
Date: 2023-10-25 11:27:30
Message-ID: 202310251127.fhwfz7o7wjio@alvherre.pgsql
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On 2023-Oct-24, Aditya D wrote:

> Thanks a lot Holger and Ron for the reply and valuable inputs. AWS RDS or
> any other PaaS PostgreSQL instances does not support Superuser and to avoid
> multiple pg_dump statements from on-premises to PaaS, is there any
> recommended way?
>
> Query the catalog tables and form the alter owner statements which will run
> post pg_dump - - no owner or any other suggested method?

I would do this using the following steps:

1. take a "pg_dumpall -g".

2. take a pg_dump (in -Fc or -Fd mode) of each database to migrate. Do
not use "--no-owner" or anything that breaks or incompletely dumps the
ownership or ACLs or objects.

3. write a script to filter each of the dumps in step 2, to obtain the
list of roles needed in GRANT commands or as object owners.

4. Filter the dump produced by step 1 down to the creation of just the
roles obtained by step 3.

5. Restore each of the dumps from step 2.

If step 5 finishes cleanly, then you're done. If it throws errors about
ownership or GRANTs, then your filtering scripts in steps 3 or 4 have
some mistake. Go back and fix the script, clean up from steps 4 and 5
and restart from 3. Lather, rinse, repeat.

Note that you only need to dump each database exactly twice (first to
produce the dumps you'll test with, second to do the actual migration
once your filtering script for steps 3 and 4 have been perfected.)

If you have objects owned by "postgres" or some other superuser, I'd
change them ahead of time to something else.

--
Álvaro Herrera Breisgau, Deutschland — https://www.EnterpriseDB.com/
"In fact, the basic problem with Perl 5's subroutines is that they're not
crufty enough, so the cruft leaks out into user-defined code instead, by
the Conservation of Cruft Principle." (Larry Wall, Apocalypse 6)

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Rajesh Kumar 2023-10-25 11:36:00 Re: Autovacuum and Insert wait
Previous Message Alvaro Herrera 2023-10-25 11:15:41 Re: Autovacuum and Insert wait