BUG #19379: Role pg_read_all_data don't allowed read large objects

On Thursday, January 15, 2026, PG Bug reporting form <noreply@postgresql.org>
wrote:

The following bug has been logged on the website:

Bug reference: 19379
Logged by: Misha Shaygu
Email address: long76.git@mail.ru
PostgreSQL version: 17.7
Operating system: Kubuntu 24.04
Description:

My goal: create role for backup any database on server

Steps:
1. CREATE USER backup_user;
2. GRANT pg_read_all_data TO backup_user;
3. pg_dump my_db
4. got error to read large object

Following by links
https://www.postgresql.org/docs/17/predefined-roles.html
https://www.postgresql.org/docs/17/lo-implementation.html
"SELECT privileges are required to read a large object" and role
"pg_read_all_data" grant it, but it don't work!

Please fix it, thanks!

The docs you link note that all data is “tables, views, sequences”. Large
objects are not listed. Maybe that means the name is a bit misleading but
it’s working as documented.

Likewise, the LO page doesn’t say anything about read all being applicable.

David J.

Hi,

On 2026-01-15 06:36:35 -0700, David G. Johnston wrote:

On Thursday, January 15, 2026, PG Bug reporting form <noreply@postgresql.org>
wrote:

The following bug has been logged on the website:

Bug reference: 19379
Logged by: Misha Shaygu
Email address: long76.git@mail.ru
PostgreSQL version: 17.7
Operating system: Kubuntu 24.04
Description:

My goal: create role for backup any database on server

Steps:
1. CREATE USER backup_user;
2. GRANT pg_read_all_data TO backup_user;
3. pg_dump my_db
4. got error to read large object

Following by links
https://www.postgresql.org/docs/17/predefined-roles.html
https://www.postgresql.org/docs/17/lo-implementation.html
"SELECT privileges are required to read a large object" and role
"pg_read_all_data" grant it, but it don't work!

Please fix it, thanks!

The docs you link note that all data is “tables, views, sequences”. Large
objects are not listed. Maybe that means the name is a bit misleading but
it’s working as documented.

Likewise, the LO page doesn’t say anything about read all being applicable.

It's not contradicting our docs, but I think it likely still is an
oversight. The goal of pg_read_all_data [1]http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6c3ffd697e2242f5497ea4b40fffc8f6f922ff60 was to allow running pg_dump
without having to grant granular access, not being able to run pg_dump
successfully due to LOs prevents that.

This doesn't seem like something we're going to fix in a minor version
though...

Greetings,

Andres Freund

[1]: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6c3ffd697e2242f5497ea4b40fffc8f6f922ff60

It could be interesting to have a new predefined role pg_read_all_lo to
be able to read all LO.

Maybe it could be done with an extension with some background task to
take into account newly created LO but it should be easier to have this
coded without an extension.

Le 15/01/2026 à 14:36, David G. Johnston a écrit :

Thanks for answers. And maybe pg_read_all_data without read lo don't allow read all data because need read data from lo. It's makes role pg_read_all_data useless. I hope for a speedy fix. четверг, 15 января 2026г., 16:47 +03:00 от Pierre Forstmann pierre.forstmann@gmail.com :

Thanks for answers.
Maybe pg_read_all_data without read lo don't allow read all data because need read lo.It's makes role pg_read_all_data useless.
 
I hope for a speedy fix.
 

Четверг, 15 января 2026, 16:47 +03:00 от Pierre Forstmann < pierre.forstmann@gmail.com >:
 
It could be interesting to have a new predefined role pg_read_all_lo to be able to read all LO.
Maybe it could be done with an extension with some background task to take into account newly created LO but it should be easier to have this coded without an extension.
Le 15/01/2026 à 14:36, David G. Johnston a écrit :

On Thursday, January 15, 2026, PG Bug reporting form < noreply@postgresql.org > wrote:

The following bug has been logged on the website:

Bug reference:      19379
Logged by:          Misha Shaygu
Email address:      long76.git@mail.ru
PostgreSQL version: 17.7
Operating system:   Kubuntu 24.04
Description:       

My goal: create role for backup any database on server

Steps:
1. CREATE USER backup_user;
2. GRANT pg_read_all_data TO backup_user;
3. pg_dump my_db
4. got error to read large object

Following by links
https://www.postgresql.org/docs/17/predefined-roles.html
https://www.postgresql.org/docs/17/lo-implementation.html
"SELECT privileges are required to read a large object" and role
"pg_read_all_data" grant it, but it don't work!

Please fix it, thanks!

 
The docs you link note that all data is “tables, views, sequences”.  Large objects are not listed.  Maybe that means the name is a bit misleading but it’s working as documented.
 
Likewise, the LO page doesn’t say anything about read all being applicable.
 
David J.
 

--
Long76

On Thu, Jan 15, 2026 at 7:15 PM Andres Freund <andres@anarazel.de> wrote:

The docs you link note that all data is “tables, views, sequences”. Large
objects are not listed. Maybe that means the name is a bit misleading but
it’s working as documented.

Likewise, the LO page doesn’t say anything about read all being applicable.

It's not contradicting our docs, but I think it likely still is an
oversight. The goal of pg_read_all_data [1] was to allow running pg_dump
without having to grant granular access, not being able to run pg_dump
successfully due to LOs prevents that.

Hi,

I have proposed a fix for this on pgsql-hackers [1]/messages/by-id/CAH5HC96dxAEvP78s1-JK_nDABH5c4w2MDfyx4vEWxBEfofGWsw@mail.gmail.com. And tested that
with the fix, pg_read_all_data can dump large objects. Please take a
look and let me know what you think.

Thanks & Regards,
Nitin Motiani
Google

[1]: /messages/by-id/CAH5HC96dxAEvP78s1-JK_nDABH5c4w2MDfyx4vEWxBEfofGWsw@mail.gmail.com