Participants
Rachel Roch
Rachel Roch
Adrian Klaver
Adrian Klaver
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Rachel RochRachel Roch
Jun 13, 2025
#2...#3
Tom LaneAdrian Klaver
to Rachel Roch (#1)
Jun 13, 2025
#2Tom LaneTom Laneto Rachel Roch (#1)
Jun 13, 2025
#3Adrian KlaverAdrian Klaverto Tom Lane (#2)
Jun 13, 2025
#4...#5
Rachel RochAdrian Klaver
to Rachel Roch (#1)
Jun 14, 2025
#4Rachel RochRachel Rochto Rachel Roch (#1)
Jun 14, 2025
#5Adrian KlaverAdrian Klaverto Rachel Roch (#4)
Jun 14, 2025
#6...#8
Rachel RochAdrian Klaver
to Rachel Roch (#1)
Jun 15, 2025
#6Rachel RochRachel Rochto Rachel Roch (#1)
Jun 15, 2025
#7Adrian KlaverAdrian Klaverto Rachel Roch (#6)
Jun 15, 2025
#8Adrian KlaverAdrian Klaverto Adrian Klaver (#7)
Jun 15, 2025
#9Rachel RochRachel Rochto Rachel Roch (#1)
Jun 16, 2025

pg_restore ERROR: permission denied to change default privileges

Started by Rachel Roch10 months ago9 messagesgeneral
Jump to latest
#1Rachel Roch
Rachel Roch
rroch@tutanota.de

I have a pg_dump from a postgres instance that I am attempting to restore onto a cloud one (i.e. an instance where I don't have access to the postgres superuser)

The dump was taken with:

pg_dump -Fc --quote-all-identifiers --serializable-deferrable --no-unlogged-table-data my_database > my_database.dump

I am attempting to restore it using the proxy admin user provided by the cloud provider:

pg_restore -d "host=foobar.example.com port=12345 user=my_cloud_admin_user sslrootcert=/path/to/the/cert.crt sslmode=require dbname=my_database" -O -1 my_database.dump

This is the error I am seeing:
pg_restore: error: could not execute query: ERROR:  permission denied to change default privilegesCommand was: ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT SELECT ON TABLES TO "my_database_ro";

N.B. "my_database_ro" being a user that was on the original database, and was successfully created in the new database by restoring a "pg_dumpall --globals-only" into the new database before attempting the pg_restore

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Rachel Roch (#1)
Re: pg_restore ERROR: permission denied to change default privileges

Rachel Roch <rroch@tutanota.de> writes:

This is the error I am seeing:
pg_restore: error: could not execute query: ERROR: permission denied to change default privilegesCommand was: ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT SELECT ON TABLES TO "my_database_ro";

Well, you aren't going to be able to do that if you're not superuser.

You could undo that ALTER in the source database and re-make the dump,
or edit the dump script to remove this command, or not use
pg_restore's "-1" switch and just ignore this error.

regards, tom lane

#3Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Tom Lane (#2)
Re: pg_restore ERROR: permission denied to change default privileges

On 6/13/25 11:23, Tom Lane wrote:

Rachel Roch <rroch@tutanota.de> writes:

This is the error I am seeing:
pg_restore: error: could not execute query: ERROR: permission denied to change default privilegesCommand was: ALTER DEFAULT PRIVILEGES FOR ROLE "postgres" IN SCHEMA "public" GRANT SELECT ON TABLES TO "my_database_ro";

Well, you aren't going to be able to do that if you're not superuser.

You could undo that ALTER in the source database and re-make the dump,
or edit the dump script to remove this command, or not use

To get at an editable script you can do something like:

pg_restore -f my_database_txt.sql my_database.dump

This will give you a plain text version of the dump that you can feed
back to psql to load into remote database.

If you want to do this in steps you can do:

pg_restore -s-f my_database_sch_txt.sql my_database.dump

to get the object(schema) definitions only and then

pg_restore -a -f my_database_data_txt.sql my_database.dump

to get the data definitions.

pg_restore's "-1" switch and just ignore this error.

regards, tom lane

--
Adrian Klaver
adrian.klaver@aklaver.com

#4Rachel Roch
Rachel Roch
rroch@tutanota.de
In reply to: Rachel Roch (#1)
Re: pg_restore ERROR: permission denied to change default privileges

13 Jun 2025, 20:13 by adrian.klaver@aklaver.com:

To get at an editable script you can do something like:

pg_restore -f my_database_txt.sql my_database.dump

This will give you a plain text version of the dump that you can feed back to psql to load into remote database.

Thanks Adrian !

I had thought maybe maybe I could do a "pg_restore -l my_database.dump" and ignore the relevant line using whatever the other flag is, but sadly there doesn't appear to be enough flexibility, i.e. 

pg_restore -l my_database.dump | fgrep -F postgres
gives:
2067; 826 16607 DEFAULT ACL public DEFAULT PRIVILEGES FOR TABLES postgres

But

pg_restore -l my_database.dump | fgrep -F my_database_ro
gives nothing.   :(

So either your solution or Tom's "just ignore it" sound like they'll work.

Import Notes
Reply to msg id not found: e12c9b8d-0d77-4462-9f52-06376d5f9d65@aklaver.com-OSehXyh----9
#5Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Rachel Roch (#4)
Re: pg_restore ERROR: permission denied to change default privileges

On 6/14/25 01:42, Rachel Roch wrote:

13 Jun 2025, 20:13 by adrian.klaver@aklaver.com:

To get at an editable script you can do something like:

pg_restore -f my_database_txt.sql my_database.dump

This will give you a plain text version of the dump that you can feed back to psql to load into remote database.

Thanks Adrian !

I had thought maybe maybe I could do a "pg_restore -l my_database.dump" and ignore the relevant line using whatever the other flag is, but sadly there doesn't appear to be enough flexibility, i.e.

pg_restore -l my_database.dump | fgrep -F postgres
gives:
2067; 826 16607 DEFAULT ACL public DEFAULT PRIVILEGES FOR TABLES postgres

But

pg_restore -l my_database.dump | fgrep -F my_database_ro
gives nothing.   :(

That is because the lines returned from pg_restore -l are not the full
commands, they represent(generally) a summary of the object, its name
and the owner.

The error message and your first example above show that the command is
there. See at here:

https://www.postgresql.org/docs/current/app-pgrestore.html

in the Examples section how you can comment out the line. Then you could
use -L to feed the list back to pg_restore.

Isn't fgrep -F redundant? As I understand it fgrep = grep -F

So either your solution or Tom's "just ignore it" sound like they'll work.

--
Adrian Klaver
adrian.klaver@aklaver.com

#6Rachel Roch
Rachel Roch
rroch@tutanota.de
In reply to: Rachel Roch (#1)
Re: pg_restore ERROR: permission denied to change default privileges

14 Jun 2025, 16:21 by adrian.klaver@aklaver.com:

Isn't fgrep -F redundant? As I understand it fgrep = grep -F

You have the wrong end of the stick. ;-)

As per Grep 3.8 release notes (https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00001.html):

"The egrep and fgrep commands, which have been deprecated since release 2.5.3 (2007), now warn that they are obsolescent and should be replaced by grep -E and grep -F."

Import Notes
Reply to msg id not found: c3e27dc2-343d-48dd-bf05-a1404e6939ec@aklaver.com-OSj12KX----9
#7Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Rachel Roch (#6)
Re: pg_restore ERROR: permission denied to change default privileges

On 6/15/25 01:06, Rachel Roch wrote:

14 Jun 2025, 16:21 by adrian.klaver@aklaver.com:

Isn't fgrep -F redundant? As I understand it fgrep = grep -F

You have the wrong end of the stick. ;-)

Don't think so, the -F is redundant.

Try grep -F then fgrep and then fgrep -F on the same file.

As per Grep 3.8 release notes (https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00001.html):

"The egrep and fgrep commands, which have been deprecated since release 2.5.3 (2007), now warn that they are obsolescent and should be replaced by grep -E and grep -F."

--
Adrian Klaver
adrian.klaver@aklaver.com

#8Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Adrian Klaver (#7)
Re: pg_restore ERROR: permission denied to change default privileges

On 6/15/25 08:15, Adrian Klaver wrote:

On 6/15/25 01:06, Rachel Roch wrote:

14 Jun 2025, 16:21 by adrian.klaver@aklaver.com:

Isn't fgrep -F redundant? As I understand it fgrep = grep -F

You have the wrong end of the stick. ;-)

Don't think so, the -F is redundant.

It is redundant for fgrep.

Try grep -F then fgrep and then fgrep -F on the same file.

As per Grep 3.8 release notes
(https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00001.html):

"The egrep and fgrep commands, which have been deprecated since
release 2.5.3 (2007), now warn that they are obsolescent and should
be replaced by grep -E and grep -F."

--
Adrian Klaver
adrian.klaver@aklaver.com

#9Rachel Roch
Rachel Roch
rroch@tutanota.de
In reply to: Rachel Roch (#1)
Re: pg_restore ERROR: permission denied to change default privileges

15 Jun 2025, 17:15 by adrian.klaver@aklaver.com:

It is redundant for fgrep.

Talk about muscle memory !  How many years have I still been typing fgrep -F thinking I was typing grep -F !

Import Notes
Reply to msg id not found: 0187edee-2869-4858-9cdc-9dcdf636e18c@aklaver.com-OSoMtbg--3-9
← Back to Topics