Re: Allow pg_dumpall to work without pg_authid

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Robins Tharakan <tharakan@gmail.com>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2017-02-18T23:08:33Z
Lists: pgsql-hackers
Greetings,

* Robins Tharakan (tharakan@gmail.com) wrote:
> I would like to work on a patch to accommodate restricted environments
> (such as AWS RDS Postgres) which don't allow pg_authid access since their
> definition of Superuser is just a regular user with extra permissions.
> 
> Would you consider a patch to add a flag to work around this restriction,
> Or, do you prefer that this be maintained outside core?
> 
> I could add a flag such as --avoid-pgauthid (am open to options) that skips
> pg_authid and uses pg_user (but essentially resets all User passwords).
> Mostly this is better than not being able to get the dump at all.

If anything, it should use pg_roles, not pg_user.

I don't really like the "--avoid-pgauthid" option, but "--no-passwords"
would probably work.

In general, this seems like a reasonable thing to add support for.

Thanks!

Stephen

Commits

  1. Fix dumping role comments when using --no-role-passwords