Discussion: BUG #19379: Role pg_read_all_data don't allowed read large objects


BUG #19379: Role pg_read_all_data don't allowed read large objects

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      19379
Logged by:          Misha Shaygu
Email address:      long76.git@mail.ru
PostgreSQL version: 17.7
Operating system:   Kubuntu 24.04
Description:

My goal: create a role for backing up any database on the server

Steps:
1. CREATE USER backup_user;
2. GRANT pg_read_all_data TO backup_user;
3. pg_dump my_db
4. Got an error reading a large object

Following the links
https://www.postgresql.org/docs/17/predefined-roles.html
https://www.postgresql.org/docs/17/lo-implementation.html
"SELECT privileges are required to read a large object" and the role
"pg_read_all_data" grants it, but it doesn't work!

Please fix it, thanks!





BUG #19379: Role pg_read_all_data don't allowed read large objects

From
"David G. Johnston"
Date:
On Thursday, January 15, 2026, PG Bug reporting form <noreply@postgresql.org> wrote:
> The following bug has been logged on the website:
>
> Bug reference:      19379
> Logged by:          Misha Shaygu
> Email address:      long76.git@mail.ru
> PostgreSQL version: 17.7
> Operating system:   Kubuntu 24.04
> Description:
>
> My goal: create role for backup any database on server
>
> Steps:
> 1. CREATE USER backup_user;
> 2. GRANT pg_read_all_data TO backup_user;
> 3. pg_dump my_db
> 4. got error to read large object
>
> Following by links
> https://www.postgresql.org/docs/17/predefined-roles.html
> https://www.postgresql.org/docs/17/lo-implementation.html
> "SELECT privileges are required to read a large object" and role
> "pg_read_all_data" grant it, but it don't work!
>
> Please fix it, thanks!

The docs you link note that all data is “tables, views, sequences”.  Large objects are not listed.  Maybe that means the name is a bit misleading but it’s working as documented.

Likewise, the LO page doesn’t say anything about read all being applicable.

David J.
 

Re: BUG #19379: Role pg_read_all_data don't allowed read large objects

From
Andres Freund
Date:
Hi,

On 2026-01-15 06:36:35 -0700, David G. Johnston wrote:
> On Thursday, January 15, 2026, PG Bug reporting form <noreply@postgresql.org>
> wrote:
>
> > The following bug has been logged on the website:
> >
> > Bug reference:      19379
> > Logged by:          Misha Shaygu
> > Email address:      long76.git@mail.ru
> > PostgreSQL version: 17.7
> > Operating system:   Kubuntu 24.04
> > Description:
> >
> > My goal: create role for backup any database on server
> >
> > Steps:
> > 1. CREATE USER backup_user;
> > 2. GRANT pg_read_all_data TO backup_user;
> > 3. pg_dump my_db
> > 4. got error to read large object
> >
> > Following by links
> > https://www.postgresql.org/docs/17/predefined-roles.html
> > https://www.postgresql.org/docs/17/lo-implementation.html
> > "SELECT privileges are required to read a large object" and role
> > "pg_read_all_data" grant it, but it don't work!
> >
> > Please fix it, thanks!
> >
>
> The docs you link note that all data is “tables, views, sequences”.  Large
> objects are not listed.  Maybe that means the name is a bit misleading but
> it’s working as documented.
>
> Likewise, the LO page doesn’t say anything about read all being applicable.

It's not contradicting our docs, but I think it likely still is an
oversight. The goal of pg_read_all_data [1] was to allow running pg_dump
without having to grant granular access, not being able to run pg_dump
successfully due to LOs prevents that.

This doesn't seem like something we're going to fix in a minor version
though...

Greetings,

Andres Freund

[1] http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6c3ffd697e2242f5497ea4b40fffc8f6f922ff60
> A commonly requested use-case is to have a role who can run an
> unfettered pg_dump without having to explicitly GRANT that user access
> to all tables, schemas, et al, without that role being a superuser.
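An added example, not part of the thread or of PostgreSQL itself: a workaround for the PostgreSQL 17 behavior discussed above, granting SELECT on every existing large object to the reporter's `backup_user` role. It assumes it is run by a superuser in each database to be dumped, and it has to be re-run before each backup because large objects created later are not covered.

```sql
-- Added example (not from the thread). Assumes the role name backup_user
-- from the bug report and a superuser session in the database to be dumped.

-- Large-object privileges are only enforced when this is off (the default).
SHOW lo_compat_privileges;

DO $$
DECLARE
    lo oid;
    n  bigint := 0;
BEGIN
    FOR lo IN
        SELECT m.oid
        FROM pg_largeobject_metadata AS m
        -- the owner can already read its own large objects
        WHERE m.lomowner <> 'backup_user'::regrole
          -- skip objects that already carry a direct SELECT grant;
          -- a NULL lomacl yields no rows from aclexplode()
          AND NOT EXISTS (
                SELECT 1
                FROM aclexplode(m.lomacl) AS a
                WHERE a.grantee = 'backup_user'::regrole
                  AND a.privilege_type = 'SELECT')
    LOOP
        -- read-only grant: no UPDATE privilege is given on the object
        EXECUTE format('GRANT SELECT ON LARGE OBJECT %s TO backup_user', lo);
        n := n + 1;
    END LOOP;
    RAISE NOTICE 'granted SELECT on % large object(s)', n;
END
$$;
```

The filter only looks at direct grants, so an object readable through PUBLIC or role membership receives a redundant but harmless extra grant.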



Re: BUG #19379: Role pg_read_all_data don't allowed read large objects

From
Pierre Forstmann
Date:

It could be interesting to have a new predefined role pg_read_all_lo to be able to read all LO.

Maybe it could be done with an extension with some background task to take into account newly created LO but it should be easier to have this coded without an extension.


Re[2]: BUG #19379: Role pg_read_all_data don't allowed read large objects

From
Глеб Борков
Date:

Thanks for the answers. And maybe pg_read_all_data without reading LOs doesn't allow reading all data, because data needs to be read from LOs. It makes the role pg_read_all_data useless. I hope for a speedy fix.

Re: BUG #19379: Role pg_read_all_data don't allowed read large objects

From
Long76
Date:
Thanks for the answers.
Maybe pg_read_all_data without reading LOs doesn't allow reading all data, because LOs need to be read. It makes the role pg_read_all_data useless.

I hope for a speedy fix.
 

--
Long76

Re: BUG #19379: Role pg_read_all_data don't allowed read large objects

From
Nitin Motiani
Date:
On Thu, Jan 15, 2026 at 7:15 PM Andres Freund <andres@anarazel.de> wrote:
>
> >
> > The docs you link note that all data is “tables, views, sequences”.  Large
> > objects are not listed.  Maybe that means the name is a bit misleading but
> > it’s working as documented.
> >
> > Likewise, the LO page doesn’t say anything about read all being applicable.
>
> It's not contradicting our docs, but I think it likely still is an
> oversight. The goal of pg_read_all_data [1] was to allow running pg_dump
> without having to grant granular access, not being able to run pg_dump
> successfully due to LOs prevents that.
>

Hi,

I have proposed a fix for this on pgsql-hackers [1]. And tested that
with the fix, pg_read_all_data can dump large objects. Please take a
look and let me know what you think.

Thanks & Regards,
Nitin Motiani
Google

[1] https://www.postgresql.org/message-id/CAH5HC96dxAEvP78s1-JK_nDABH5c4w2MDfyx4vEWxBEfofGWsw%40mail.gmail.com