Thread: pg_restore but for full user and roles, etc

From
Wells Oliver
Date:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

--

Re: pg_restore but for full user and roles, etc

From
Keith Fiske
Date:


On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

--

pg_restore is only used for custom/directory format dumps done by pg_dump. Roles are global objects, not per database. So you have to use "pg_dumpall -g" to grab the global objects. That creates a standard sql file that you then use "psql -f" to restore.

And to clarify, while the roles themselves are global, the GRANTS are per database and would be contained in the pg_dump files along with the objects those grants are for.
--
Keith Fiske
Senior Database Engineer
Crunchy Data - http://crunchydata.com

Re: pg_restore but for full user and roles, etc

From
Ron Johnson
Date:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.

Re: pg_restore but for full user and roles, etc

From
Wells Oliver
Date:
Thanks. Yeah, I was basically looking for the role/user only version of pg_dumpall -g, where I'd then handle specific DB restore on its own. You're right though, I can copy out what I care about from the output.

On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.



--

Re: pg_restore but for full user and roles, etc

From
Wells Oliver
Date:
Ah, sorry for the multiple responses, but it doesn't seem like pg_dumpall is permitted in AWS RDS. If anyone has any other clever ways of getting to this info, would appreciate any ideas.

On Fri, Jul 26, 2024 at 10:15 AM Wells Oliver <wells.oliver@gmail.com> wrote:
Thanks. Yeah, I was basically looking for the role/user only version of pg_dumpall -g, where I'd then handle specific DB restore on its own. You're right though, I can copy out what I care about from the output.

On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.



--


--

Re: pg_restore but for full user and roles, etc

From
Ron Johnson
Date:
pg_dumpall has "--roles-only" and "--no-role-passwords" options (in at least PG 14).

I'm 99.9% sure that "--no-role-passwords" was added specifically because of AWS RDS security policy.

On Fri, Jul 26, 2024 at 1:19 PM Wells Oliver <wells.oliver@gmail.com> wrote:
Ah, sorry for the multiple responses, but it doesn't seem like pg_dumpall is permitted in AWS RDS. If anyone has any other clever ways of getting to this info, would appreciate any ideas.

On Fri, Jul 26, 2024 at 10:15 AM Wells Oliver <wells.oliver@gmail.com> wrote:
Thanks. Yeah, I was basically looking for the role/user only version of pg_dumpall -g, where I'd then handle specific DB restore on its own. You're right though, I can copy out what I care about from the output.

On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.



--


--

Re: pg_restore but for full user and roles, etc

From
Wells Oliver
Date:
Ah, perfect:

pg_dumpall -g -U postgres -h myhost --no-role-passwords

Exactly what I am after, works on RDS.

On Fri, Jul 26, 2024 at 10:24 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
pg_dumpall has "--roles-only" and "--no-role-passwords" options (in at least PG 14).

I'm 99.9% sure that "--no-role-passwords" was added specifically because of AWS RDS security policy.

On Fri, Jul 26, 2024 at 1:19 PM Wells Oliver <wells.oliver@gmail.com> wrote:
Ah, sorry for the multiple responses, but it doesn't seem like pg_dumpall is permitted in AWS RDS. If anyone has any other clever ways of getting to this info, would appreciate any ideas.

On Fri, Jul 26, 2024 at 10:15 AM Wells Oliver <wells.oliver@gmail.com> wrote:
Thanks. Yeah, I was basically looking for the role/user only version of pg_dumpall -g, where I'd then handle specific DB restore on its own. You're right though, I can copy out what I care about from the output.

On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.



--


--


--

Re: pg_restore but for full user and roles, etc

From
Zaid Shabbir
Date:
Great, Wells, you got your answer. I just want to add one more thing regarding the '--no-role-passwords' switch:

Since password values aren't needed when this option is specified, the role information is read from the catalog view pg_roles instead of pg_authid. Therefore, this option also helps if access to pg_authid is restricted by some security policy.

On Fri, Jul 26, 2024 at 10:29 PM Wells Oliver <wells.oliver@gmail.com> wrote:
Ah, perfect:

pg_dumpall -g -U postgres -h myhost --no-role-passwords

Exactly what I am after, works on RDS.

On Fri, Jul 26, 2024 at 10:24 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
pg_dumpall has "--roles-only" and "--no-role-passwords" options (in at least PG 14).

I'm 99.9% sure that "--no-role-passwords" was added specifically because of AWS RDS security policy.

On Fri, Jul 26, 2024 at 1:19 PM Wells Oliver <wells.oliver@gmail.com> wrote:
Ah, sorry for the multiple responses, but it doesn't seem like pg_dumpall is permitted in AWS RDS. If anyone has any other clever ways of getting to this info, would appreciate any ideas.

On Fri, Jul 26, 2024 at 10:15 AM Wells Oliver <wells.oliver@gmail.com> wrote:
Thanks. Yeah, I was basically looking for the role/user only version of pg_dumpall -g, where I'd then handle specific DB restore on its own. You're right though, I can copy out what I care about from the output.

On Fri, Jul 26, 2024 at 10:06 AM Ron Johnson <ronljohnsonjr@gmail.com> wrote:
On Fri, Jul 26, 2024 at 12:43 PM Wells Oliver <wells.oliver@gmail.com> wrote:
I am doing a pg_restore of a database, which is nothing difficult, but I also am creating a new server first, and rather than painstakingly making sure I create all users and roles etc prior to pg_restore (so we can have the same perms), is there some obvious way of doing this I'm unawares of?

Running "pg_dumpall -g > source_roles.sql" and then scanning it for the relevant entries doesn't seem too onerous.  It's a lot easier than the conceptually similar -- but much trickier -- process you need to go through when migrating SQL Server databases.



--


--


--
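
The "scan the roles dump and copy out what you care about" step discussed in this thread, as an added example that is not part of any poster's message: shell helpers that filter a roles-only dump to a chosen set of roles, list LOGIN roles that arrive without a password because of --no-role-passwords, and detect a dump that still carries password hashes. The sample dump and the role names (app_rw, reporting, old_batch) are constructed, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: audit and filter the SQL written by
# "pg_dumpall --roles-only --no-role-passwords" before loading it with "psql -f".

# Constructed sample in the statement layout pg_dumpall emits; role names are made up.
sample_dump() {
cat <<'EOF'
CREATE ROLE app_rw;
ALTER ROLE app_rw WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE reporting;
ALTER ROLE reporting WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE old_batch;
ALTER ROLE old_batch WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
GRANT reporting TO app_rw GRANTED BY postgres;
GRANT reporting TO old_batch GRANTED BY postgres;
EOF
}

# Keep only statements whose roles are all in the wanted list (space separated).
# CREATE/ALTER ROLE name the role in field 3; GRANT names group (2) and member (4).
# Assumes unquoted role names without spaces.
filter_roles() {
  awk -v wanted="$1" '
    BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
    { r = $3; sub(/;$/, "", r); m = $4; sub(/;$/, "", m) }
    ($1 == "CREATE" || $1 == "ALTER") && $2 == "ROLE" && (r in keep) { print; next }
    $1 == "GRANT" && ($2 in keep) && (m in keep) { print }
  '
}

# LOGIN roles dumped without a PASSWORD clause: set a password (or another
# authentication method) for these on the new server before they are used.
login_roles_without_password() {
  awk '$1 == "ALTER" && $2 == "ROLE" && / LOGIN/ && !/ PASSWORD / { print $3 }'
}

# Succeeds if the dump still carries password hashes (taken without
# --no-role-passwords), in which case the file must be handled as a secret.
has_password_hashes() {
  grep -Eq "PASSWORD '(SCRAM-SHA-256|md5)"
}

# Usage against a live server (host and user as in the thread; not run here):
#   pg_dumpall --roles-only --no-role-passwords -U postgres -h myhost \
#     | filter_roles "app_rw reporting" > roles.sql
#   then load roles.sql on the new server with "psql -f roles.sql"
```

The per-database GRANTs are not in this file; as noted earlier in the thread, they come from the pg_dump output restored afterwards.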