Re: BUG #19379: Role pg_read_all_data don't allowed read large objects
Andres Freund <andres@anarazel.de>
From: Andres Freund <andres@anarazel.de>
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: "long76.git@mail.ru" <long76.git@mail.ru>, "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2026-01-15T13:45:40Z
Lists: pgsql-bugs
Hi, On 2026-01-15 06:36:35 -0700, David G. Johnston wrote: > On Thursday, January 15, 2026, PG Bug reporting form <noreply@postgresql.org> > wrote: > > > The following bug has been logged on the website: > > > > Bug reference: 19379 > > Logged by: Misha Shaygu > > Email address: long76.git@mail.ru > > PostgreSQL version: 17.7 > > Operating system: Kubuntu 24.04 > > Description: > > > > My goal: create role for backup any database on server > > > > Steps: > > 1. CREATE USER backup_user; > > 2. GRANT pg_read_all_data TO backup_user; > > 3. pg_dump my_db > > 4. got error to read large object > > > > Following by links > > https://www.postgresql.org/docs/17/predefined-roles.html > > https://www.postgresql.org/docs/17/lo-implementation.html > > "SELECT privileges are required to read a large object" and role > > "pg_read_all_data" grant it, but it don't work! > > > > Please fix it, thanks! > > > > The docs you link note that all data is “tables, views, sequences”. Large > objects are not listed. Maybe that means the name is a bit misleading but > it’s working as documented. > > Likewise, the LO page doesn’t say anything about read all being applicable. It's not contradicting our docs, but I think it likely still is an oversight. The goal of pg_read_all_data [1] was to allow running pg_dump without having to grant granular access, not being able to run pg_dump successfully due to LOs prevents that. This doesn't seem like something we're going to fix in a minor version though... Greetings, Andres Freund [1] http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6c3ffd697e2242f5497ea4b40fffc8f6f922ff60 > A commonly requested use-case is to have a role who can run an > unfettered pg_dump without having to explicitly GRANT that user access > to all tables, schemas, et al, without that role being a superuser.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Add pg_read_all_data and pg_write_all_data roles
- 6c3ffd697e22 14.0 cited