On Tue, May 5, 2026 at 11:23 AM Euler Taveira <euler@eulerto.com> wrote:
On Tue, May 5, 2026, at 7:51 AM, Álvaro Rodríguez wrote:
>
> We have hit an issue with pg_dumpall --roles-only where the role grants
> to other roles can't be reapplied in a clean database, if the bootstrap
> superuser does not have the same name in both databases.
>
This is not a bug.
Maybe we should add a sentence saying that GRANT on roles requires the same bootstrap user.
This does seem to contradict the claim in create role:
SUPERUSER
These clauses determine whether the new role is a “superuser”, who can override all access restrictions within the database.
This at least feels like an access restriction being applied to a superuser. IIUC, the reason the bootstrap superuser doesn't get this applied is because as owner of all roles in a system they alone can bypass the "with admin" privilege check.
This may not be a bug in the code but it seems a reasonable indicator that our documentation hasn't imparted a solid mental model as to how this is supposed to behave in the new, more locked down, regime.
I wouldn't object to giving pg_dumpall a --bootstrap-name parameter though, to avoid having to tell people to perform string munging on its output. We already have a --no-owner option to pg_dump; this doesn't seem all that different. (Or --no-granted-by-on-role-grants?) (Or make --no-owner on pg_dumpall apply here.)
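The string munging mentioned above, as an added example that is not part of the thread and not PostgreSQL code: a filter that rewrites only the `GRANTED BY` clause naming the source cluster's bootstrap superuser and leaves grants made by other roles untouched, so the admin-option chain between ordinary roles is preserved. The function name `remap_grantor`, the role names and the sample dump are constructed, and the filter assumes each role grant is emitted on one line ending in `GRANTED BY name;`.

```shell
#!/bin/sh
# Added example. Typical use (role names are placeholders):
#   pg_dumpall --roles-only | remap_grantor postgres dba_admin > roles.sql

# remap_grantor OLD NEW: read SQL on stdin, write it to stdout with the grantor
# OLD replaced by NEW on GRANT lines. Names are compared as plain strings, not
# regexes, and are passed through the environment so awk does not interpret
# backslashes or metacharacters in them.
remap_grantor() {
    OLD_ROLE=$1 NEW_ROLE=$2 awk '
    # Quote an identifier the SQL way: wrap in double quotes, double any inside.
    function qident(s) { gsub(/"/, "\"\"", s); return "\"" s "\"" }
    function ends_with(s, t) {
        return length(s) >= length(t) && substr(s, length(s) - length(t) + 1) == t
    }
    function swap_tail(s, t) { return substr(s, 1, length(s) - length(t)) new_tail }
    BEGIN {
        # The old name may appear bare or double-quoted in the dump.
        tail_bare   = " GRANTED BY " ENVIRON["OLD_ROLE"] ";"
        tail_quoted = " GRANTED BY " qident(ENVIRON["OLD_ROLE"]) ";"
        new_tail    = " GRANTED BY " qident(ENVIRON["NEW_ROLE"]) ";"
    }
    /^GRANT / {
        if (ends_with($0, tail_bare))        $0 = swap_tail($0, tail_bare)
        else if (ends_with($0, tail_quoted)) $0 = swap_tail($0, tail_quoted)
    }
    { print }
    '
}

# Constructed sample in the shape of a roles-only dump: one membership granted
# by the bootstrap superuser, one granted by an ordinary role holding ADMIN OPTION.
sample_dump() {
    cat <<'EOF'
CREATE ROLE alice;
CREATE ROLE bob;
GRANT pg_read_all_data TO alice WITH ADMIN OPTION, INHERIT TRUE GRANTED BY postgres;
GRANT pg_read_all_data TO bob WITH INHERIT TRUE GRANTED BY alice;
EOF
}

sample_dump | remap_grantor postgres dba_admin
```

Only the first GRANT changes; the grant recorded as made by `alice` still depends on her ADMIN OPTION being restored first, which the rewritten line provides.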