Re: User/Roles, Owner, and privileges migration strategy

I regularly logged into an AWS RDS Postgresql instance as user "postgres",
where I created and altered roles.

On 10/24/23 06:18, Aditya D wrote:
> Thanks a lot Holger and Ron for the reply and valuable inputs. AWS RDS or
> any other PaaS PostgreSQL instances does not support Superuser and to
> avoid multiple pg_dump statements from on-premises to PaaS, is there any
> recommended way?
>
> Query the catalog tables and form the alter owner statements which will
> run post pg_dump - - no owner or any other suggested method?
>
> Regards,
> Aditya D
>
> On Mon, 23 Oct 2023 at 01:14, Ron <ronljohnsonjr(at)gmail(dot)com> wrote:
>
> On 10/21/23 21:51, ADITYA DUVURI wrote:
>> Hi Team,
>>
>> Let me take a user scenario here, I have an On-premises PostgreSQL
>> instance with 50 databases. Out of which I need to migrate only 15
>> databases. There are around 10 different users and roles and millions
>> of different database objects.
>> In this example at the database level the owner for some objects are -
>> image.png
>>
>> When I perform pg_dump with owners and ACL. the statements formed are -
>>
>> * Create Table2
>> * Alter Owner Table2 to user2
>> * Grant All privileges on Table2 to user2
>>
>> The issue while restoring the above dump file created in any
>> on-premises/AWS/GCP PostgreSQL instance fails since the grant
>> statements have to be executed first before the Alter owner statement.
>
> Did you first run "pg_dumpall --globals-only" against the on-prem
> server?  (Maybe you did, and I missed it.)
>
> That has all of the CREATE and ALTER ROLE statements. You'll have to
> edit it first, though, to remove references to role "postgres", and
> other statements that are outdated, or irrelevant to AWS RDS.
>
>
> --
> Born in Arizona, moved to Babylonia.
>

--
Born in Arizona, moved to Babylonia.