Difficulty transferring ownership of DB objects away from Neon managed roles
Hi all,
I'm pretty new to postgres and I'm far from a DB expert so please bear with me if I haven't got something quite right technically!
I'm seeking some guidance on some changes I aim to make to permissions/access in the paid Neon postgres db I use.
I don't think it should make any difference in this context, but my DB also has PostGIS installed.
Anyhow, when our DB was initially configured, it was structured with three main schemas roughly following the dev/test/prod pattern, in addition to three roles/users (again roughly dev/test/prod) created in the Neon console and as such they are Neon superusers. Having read the Neon docs on managing database access, it's apparent that the initial configuration of our DB didn't involve the creation of DB managed roles for day-to-day work. As a result in our DB all objects are owned by either one or another Neon managed role.
I'm trying to migrate to using DB managed roles. The creation of the roles and associated permissions is easy enough, but I'm running into the issue that none of the Neon managed roles appear to have sufficient privileges to change the ownership of the existing DB objects. This is causing issues such that the new DB managed roles can't access existing objects/tables.
I guess it would be possible to create new tables etc with the correct owner as a DB managed role/user and dropping the old objects, but this seems like a really messy way of correcting object ownership.
From what I can tell the only user in our DB with full postgres superuser privileges sufficient to make this change is "cloud_admin", and I'm guessing that's a Neon administrative role which can't be used.
I haven't contacted Neon support yet as I don't currently have access to our Neon console - I'm just investigating at this stage. Would Neon support be able to assist with this? Are there any other options which I might not be aware of?
Any guidance would be greatly appreciated!
5 Replies
stormy-gold•4mo ago
Hi, yes, Neon Support can assist with this. Please open a ticket here: https://console.neon.tech/app/projects?modal=support
fascinating-indigo•4mo ago
Definitely keen to understand what our options are here
Just FYI Looks like our support ticket was removed after Ed created it above
stormy-gold•4mo ago
Oh, I wonder what happened. Are you on a paid plan? Do you have the support ticket number?
afraid-scarletOP•4mo ago
@Daniel No, I'm not able to find any record of the customer service rep who asked me to create a ticket previously; I can't find that message now
stormy-gold•4mo ago
I recommend opening another ticket. Note the 4-digit ticket number in case you need to check on it. https://console.neon.tech/app/projects?modal=support
I don't think you can alter the database owner, but support could do this for you.