From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | jian he <jian(dot)universality(at)gmail(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PG 16 draft release notes ready |
Date: | 2023-05-22 02:50:18 |
Message-ID: | ZGrYauX4wJ1P6eAb@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, May 22, 2023 at 09:03:11AM +0800, jian he wrote:
> In E.1.2. Migration to Version 16, probably need mention, some
> privilege command cannot restore.
> if new cluster bootstrap superuser name is not the same as old one. "GRANT x TO
> y GRANTED BY no_bootstrap_superuser; " will have error.
>
> ---pg15 dump content.
> CREATE ROLE jian;
> ALTER ROLE jian WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION
> BYPASSRLS;
> CREATE ROLE regress_priv_user1;
> ALTER ROLE regress_priv_user1 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB
> LOGIN NOREPLICATION NOBYPASSRLS;
> CREATE ROLE regress_priv_user2;
> ALTER ROLE regress_priv_user2 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB
> LOGIN NOREPLICATION NOBYPASSRLS;
> CREATE ROLE su1;
> ALTER ROLE su1 WITH SUPERUSER INHERIT CREATEROLE NOCREATEDB LOGIN NOREPLICATION
> NOBYPASSRLS;
> GRANT regress_priv_user1 TO regress_priv_user2 GRANTED BY su1;
>
> -----------restore in pg16
> \i /home/jian/Desktop/dumpall_schema.sql
> 2023-05-22 08:46:00.170 CST [456584] ERROR: permission denied to grant
> privileges as role "su1"
> 2023-05-22 08:46:00.170 CST [456584] DETAIL: The grantor must have the ADMIN
> option on role "regress_priv_user1".
> 2023-05-22 08:46:00.170 CST [456584] STATEMENT: GRANT regress_priv_user1 TO
> regress_priv_user2 GRANTED BY su1;
> psql:/home/jian/Desktop/dumpall_schema.sql:32: ERROR: permission denied to
> grant privileges as role "su1"
> DETAIL: The grantor must have the ADMIN option on role "regress_priv_user1".
Agreed, new text:
<!--
Author: Robert Haas <rhaas(at)postgresql(dot)org>
2022-07-26 [e530be2c5] Do not allow removal of superuser privileges from bootst
-->
<listitem>
<para>
Prevent removal of superuser privileges for the bootstrap user (Robert Haas)
</para>
<para>
--> Restoring such users could lead to errors.
</para>
</listitem>
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2023-05-22 02:52:09 | Re: PG 16 draft release notes ready |
Previous Message | Bruce Momjian | 2023-05-22 02:46:58 | Re: PG 16 draft release notes ready |