Re: PG 16 draft release notes ready - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: PG 16 draft release notes ready
Date
Msg-id ZGrYauX4wJ1P6eAb@momjian.us
Whole thread Raw
In response to Re: PG 16 draft release notes ready  (jian he <jian.universality@gmail.com>)
List pgsql-hackers
On Mon, May 22, 2023 at 09:03:11AM +0800, jian he wrote:
> In E.1.2. Migration to Version 16, probably need mention, some
> privilege command cannot restore.
> if new cluster bootstrap superuser name is not the same as old one. "GRANT x TO
> y GRANTED BY no_bootstrap_superuser; " will have error.
> 
> ---pg15 dump content.
> CREATE ROLE jian;
> ALTER ROLE jian WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION
> BYPASSRLS;
> CREATE ROLE regress_priv_user1;
> ALTER ROLE regress_priv_user1 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB
> LOGIN NOREPLICATION NOBYPASSRLS;
> CREATE ROLE regress_priv_user2;
> ALTER ROLE regress_priv_user2 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB
> LOGIN NOREPLICATION NOBYPASSRLS;
> CREATE ROLE su1;
> ALTER ROLE su1 WITH SUPERUSER INHERIT CREATEROLE NOCREATEDB LOGIN NOREPLICATION
> NOBYPASSRLS;
> GRANT regress_priv_user1 TO regress_priv_user2 GRANTED BY su1;
> 
> -----------restore in pg16
> \i /home/jian/Desktop/dumpall_schema.sql
> 2023-05-22 08:46:00.170 CST [456584] ERROR:  permission denied to grant
> privileges as role "su1"
> 2023-05-22 08:46:00.170 CST [456584] DETAIL:  The grantor must have the ADMIN
> option on role "regress_priv_user1".
> 2023-05-22 08:46:00.170 CST [456584] STATEMENT:  GRANT regress_priv_user1 TO
> regress_priv_user2 GRANTED BY su1;
> psql:/home/jian/Desktop/dumpall_schema.sql:32: ERROR:  permission denied to
> grant privileges as role "su1"
> DETAIL:  The grantor must have the ADMIN option on role "regress_priv_user1".

Agreed, new text:

    <!--
    Author: Robert Haas <rhaas@postgresql.org>
    2022-07-26 [e530be2c5] Do not allow removal of superuser privileges from bootst
    -->
    
    <listitem>
    <para>
    Prevent removal of superuser privileges for the bootstrap user (Robert Haas)
    </para>
    
    <para>
-->    Restoring such users could lead to errors.
    </para>
    </listitem>

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: PG 16 draft release notes ready
Next
From: Bruce Momjian
Date:
Subject: Re: PG 16 draft release notes ready