First draft of PG 19 release notes

First seen: 2026-05-29 03:30:28+00:00 · Messages: 2 · Participants: 2

Latest Update

2026-06-01 · claude-opus-4-6

Analysis: First Draft of PG 19 Release Notes — Role/Function Miscategorization Fix

Core Problem

The PostgreSQL 19 release notes contained an inaccuracy in describing a security/privilege enhancement. The release notes item described pg_read_all_data and pg_write_all_data as functions, when they are actually predefined roles (system roles). This matters because:

  1. Semantic precision: Roles and functions are fundamentally different PostgreSQL objects. Roles are authentication/authorization principals in the catalog (pg_authid), while functions are executable routines (pg_proc). Conflating them misleads users about what was actually changed.

  2. Categorization in release notes: The item was placed under the "Functions" section of the release notes, which is architecturally wrong. The feature in question (commit d98197602) extended the privileges of the pg_read_all_data and pg_write_all_data predefined roles to also cover large objects. Previously, these roles granted read/write access to all tables, views, and sequences, but large objects were excluded. The fix extends the privilege scope to include large objects, enabling non-superusers with these roles to successfully run pg_dump on databases containing large objects.

  3. Practical impact: This feature is important for operational security — it allows organizations to run logical backups via pg_dump without granting superuser privileges, which is a long-standing best practice gap. Miscategorizing or misdescribing it in the release notes could cause DBAs to overlook it.

The Underlying Feature (commit d98197602)

The actual code change (by Nitin Motiani and Nathan Bossart) modified the large object access control checks to recognize membership in pg_read_all_data and pg_write_all_data. Large objects in PostgreSQL have their own ACL mechanism (via pg_largeobject_metadata) that is separate from table-level privileges. The predefined roles were originally introduced in PostgreSQL 14 but did not cover large objects, creating a gap where pg_dump would fail on databases with large objects unless run as superuser.

Resolution

The release notes were corrected in two ways:

  1. Rewording: The description was changed to correctly identify pg_read_all_data and pg_write_all_data as roles rather than functions.
  2. Recategorization: The item was moved from the "Functions" section to the "Server Configuration" section (which in PostgreSQL release notes conventions covers authentication, roles, and privileges).

Technical Significance

This is a minor editorial fix, but it highlights the importance of precise terminology in PostgreSQL documentation. The release notes serve as the primary reference for upgrade planning, and miscategorization can cause features to be missed during review by DBAs who scan only relevant sections.