Hi there,
We have hit an issue with pg_dumpall --roles-only where the role grants to other roles can't be reapplied in a clean database, if the bootstrap superuser does not have the same name in both databases. The problem is that dumpall generates a statement such as this:
GRANT a TO b WITH INHERIT TRUE GRANTED BY postgres;
However, if postgres is merely a superuser and not the bootstrap superuser, this fails because, from the docs, "The role recorded as the grantor must have ADMIN OPTION on the target role, unless it is the bootstrap superuser".
Environment
- PostgreSQL 18.3 (Debian 18.3-1.pgdg13+1), official postgres:18 Docker image
- Host: macOS (Darwin 25.4.0), Docker 29.4.1
Steps to reproduce
1. Start two Postgres 18 containers with different superusers:
docker run -d --name pg18-postgres \
-e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres \
-p 5432:5432 postgres:18
docker run -d --name pg18-notpostgres \
-e POSTGRES_USER=notpostgres -e POSTGRES_PASSWORD=notpostgres \
-p 5433:5432 postgres:18
2. On the source container, create two roles and grant one to the other:
docker exec pg18-postgres psql -U postgres \
-c "CREATE ROLE role_a;" \
-c "CREATE ROLE role_b;" \
-c "GRANT role_a TO role_b;"
3. Dump roles only and save to a file (attached):
docker exec pg18-postgres pg_dumpall -U postgres --roles-only > dumpall.sql
4. Replay the dump against the second container:
cat dumpall.sql | docker exec -i pg18-notpostgres psql -U notpostgres
Expected: restore succeeds
Actual:
ERROR: permission denied to grant privileges as role "postgres"
DETAIL: The grantor must have the ADMIN option on role "role_a".
Thank you,
Álvaro Rodríguez
