Restoring Users and Roles

When you restore a database, you can restore all or none of the following security-related objects and artifacts for that database:
  • Users (not including superuser privileges)
  • Roles and membership in roles
  • ACLs
  • Ownership of database objects
  • Privileges granted to objects

Grants and ACLs on system views (sys schema) are not restored.

When making the choice to use --security-mode all or --security-mode none, keep the following considerations in mind:
  • Users and roles are system-wide objects. You do not create them within a single database, and they are often used across databases.
  • The target system for the restored database may not have or need the same user and role setup as the source system.
  • If you use --security-mode none, the restore operation creates a "backup" user on the target system. This user becomes the default owner of the restored database and its objects. The user name is constructed as follows:
    For example:

    The backup user is created with virtually no access to the system and the user's connection limit is set to zero. You can run ALTER USER and GRANT commands to modify the name, attributes, and privileges of this user.

  • When you use --security-mode all, superusers on the source system will be re-created as non-superusers on the target system. If necessary, you can run an ALTER USER command to give the SUPERUSER privilege back to the account.