Keith <keithcelt@xxxxxxxxx> writes: > It seems that the 'superuser' part of my 'leads' group > role is not functioning (code below). It appears that > the security settings are at least partially > transitive as I have one group role nested within the > other and I am able to access the appropriate > resources. The problem is that only a superuser or the > owner of a table can drop it and even though I am > supposed to be a superuser, I cannot drop the table! Then you're not a superuser ;-) I gather from your example that you are expecting superuserness to inherit through role membership. It doesn't, and neither do the other "special" privileges managed via CREATE/ALTER ROLE. It's arguable whether this is a good policy for eg. CREATEDB, but personally I think it's the right behavior for the superuser bit. When you pass out the keys to the kingdom, you want to pass 'em out one recipient at a time, eh? regards, tom lane
