Doc Text:
|
Cause:
engine-backup used pg_dump's default, which is to dump (also) ownership of objects and grants on them to other users.
Consequence:
If the dump included grants to users that existed on the backed up database, but do not exist on the database we restore to, restore will fail.
Fix:
With custom (default) dump format, permissions are always saved, and during restore user must pass either --restore-permissions' or '--no-restore-permissions'. For default setups, there is no difference. It does make a difference if extra users/grants were added to the database after setup - in that case, if user wants to keep the grants, the user has to manually create the users prior to running restore.
With plain dump format, permissions are never saved, and the user is notified with the following text:
#####################################################################################################
Please note: permissions are not backed up with a plain dump format, thus not restored during restore
#####################################################################################################
Note to doc team:
In 3.3 (only), dwh setup asked whether to create a read-only db user allowing remote access to the dwh database.
In 3.4 and later, we did not have similar functionality.
In 3.2, we also didn't have it, but we did have instructions [1] about how to do that manually. I now see that we also have them in 3.5 [2].
We might want to write something similar for 3.4+, perhaps as a KB article.
Note that 3.4 requires a bit more manual configuration than 3.5 - 3.5 configures postgresql.conf 'listen_address=*', which 3.4 does not.
In any case, as explained above, such users, whether created manually or by 3.3's dwh-setup (which was later upgraded), are not backed up or restored by engine-backup with plain format, and with custom format user must choose whether to restore them or not.
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Administration_Guide/Allowing_Read_Only_Access_to_the_History_Database.html
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-History_Database.html#Allowing_Read_Only_Access_to_the_History_Database
|