Re: pg_restore but for full user and roles, etc

Great Wells you got your answer. I just want to one more thing regarding
'--no-role-passwords' switch

Since password values aren't needed when this option is specified, the role
information is read from the catalog view pg_roles instead of pg_authid.
Therefore, this option also helps if access to pg_authid is restricted by
some security policy.

On Fri, Jul 26, 2024 at 10:29 PM Wells Oliver <wells(dot)oliver(at)gmail(dot)com>
wrote:

> Ah, perfect:
>
> pg_dumpall -g -U postgres -h myhost --no-role-passwords
>
> Exactly what I am after, works on RDS.
>
> On Fri, Jul 26, 2024 at 10:24 AM Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
> wrote:
>
>> pg_dumpall has "--roles-only" and "--no-role-passwords" options (in at
>> least PG 14).
>>
>> I'm 99.9% sure that "--no-role-passwords" was added specifically because
>> of AWS RDS security policy.
>>
>> On Fri, Jul 26, 2024 at 1:19 PM Wells Oliver <wells(dot)oliver(at)gmail(dot)com>
>> wrote:
>>
>>> Ah, sorry for the multiple responses, but it doesn't seem like
>>> pg_dumpall is permitted in AWS RDS. If anyone has any other clever ways of
>>> getting to this info, would appreciate any ideas.
>>>
>>> On Fri, Jul 26, 2024 at 10:15 AM Wells Oliver <wells(dot)oliver(at)gmail(dot)com>
>>> wrote:
>>>
>>>> Thanks. Yeah, I was basically looking for the role/user only version of
>>>> pg_dumpall -g, where I'd then handle specific DB restore on its own. Your
>>>> right thought, I can copy out what I care about from the output.
>>>>
>>>> On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
>>>> wrote:
>>>>
>>>>> On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells(dot)oliver(at)gmail(dot)com>
>>>>> wrote:
>>>>>
>>>>>> I am doing a pg_restore of a database, which is nothing difficult,
>>>>>> but I also am creating a new server first, and rather than painstakingly
>>>>>> making sure I create all users and roles etc prior to pg_restore (so we can
>>>>>> have the same perms), is there some obvious way of doing this I'm unawares
>>>>>> of?
>>>>>>
>>>>>
>>>>> Running "pg_dumpall -g > source_roles.sql" and then scanning it for
>>>>> the relevant entries doesn't seem too onerous. It's a lot easier than the
>>>>> conceptually similar -- but much trickier -- process you need to go through
>>>>> when migrating SQL Server databases.
>>>>>
>>>>>
>>>>
>>>> --
>>>> Wells Oliver
>>>> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>>>>
>>>
>>>
>>> --
>>> Wells Oliver
>>> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>>>
>>
>
> --
> Wells Oliver
> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>