On Tue, May 05, 2026 at 03:10:47PM -0400, Tom Lane wrote:
> I don't think that pg_dumpall is to be blamed; this is the backend's
> fault. I thought we had made this better in dd1398f13, but it still
> seems rather bogus:
>
> [...]
> regression=# grant a to b granted by super;
> ERROR: permission denied to grant privileges as role "super"
> DETAIL: The grantor must have the ADMIN option on role "a".
>
> Surely a superuser should be considered to have admin options
> on everything.
For what it's worth, this lines up with my and my team's thinking on
this issue. The idea that there are two "tiers" of superusers
(bootstrap and the rest) seems to run against a) the general rule of
making permissions obvious and explicitly grantable, and b) the very
own definition of superuser as David pointed out. The fact that there
is no reasonable way of fixing the pg_dumpall output even if we wanted
to (bar, I guess, renaming the bootstrap superuser) seems to indicate
that something is off with the permission model on this.
Álvaro
