On Mon, May 22, 2023 at 09:03:11AM +0800, jian he wrote: > In E.1.2. Migration to Version 16, probably need mention, some > privilege command cannot restore. > if new cluster bootstrap superuser name is not the same as old one. "GRANT x > TO > y GRANTED BY no_bootstrap_superuser; " will have error. > > ---pg15 dump content. > CREATE ROLE jian; > ALTER ROLE jian WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION > BYPASSRLS; > CREATE ROLE regress_priv_user1; > ALTER ROLE regress_priv_user1 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB > LOGIN NOREPLICATION NOBYPASSRLS; > CREATE ROLE regress_priv_user2; > ALTER ROLE regress_priv_user2 WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB > LOGIN NOREPLICATION NOBYPASSRLS; > CREATE ROLE su1; > ALTER ROLE su1 WITH SUPERUSER INHERIT CREATEROLE NOCREATEDB LOGIN > NOREPLICATION > NOBYPASSRLS; > GRANT regress_priv_user1 TO regress_priv_user2 GRANTED BY su1; > > -----------restore in pg16 > \i /home/jian/Desktop/dumpall_schema.sql > 2023-05-22 08:46:00.170 CST [456584] ERROR: permission denied to grant > privileges as role "su1" > 2023-05-22 08:46:00.170 CST [456584] DETAIL: The grantor must have the ADMIN > option on role "regress_priv_user1". > 2023-05-22 08:46:00.170 CST [456584] STATEMENT: GRANT regress_priv_user1 TO > regress_priv_user2 GRANTED BY su1; > psql:/home/jian/Desktop/dumpall_schema.sql:32: ERROR: permission denied to > grant privileges as role "su1" > DETAIL: The grantor must have the ADMIN option on role "regress_priv_user1".
Agreed, new text: <!-- Author: Robert Haas <rh...@postgresql.org> 2022-07-26 [e530be2c5] Do not allow removal of superuser privileges from bootst --> <listitem> <para> Prevent removal of superuser privileges for the bootstrap user (Robert Haas) </para> <para> --> Restoring such users could lead to errors. </para> </listitem> -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.