Stephen Frost <sfrost@xxxxxxxxxxx> writes: > * Michael.Dietrich@xxxxxxxxxxxx (Michael.Dietrich@xxxxxxxxxxxx) wrote: >> 2) User without superuser privileges uses a role with superuser rights (usage confirmed with SHOW current_role.) > Please provide more details about what this step #2 actually means. If you mean that you did "GRANT superuserrole TO nonsuperuser", this does not make "nonsuperuser" into a superuser; it merely allows "nonsuperuser" to use whatever ordinary privileges might've been granted to "superuserrole". If you did that with the bootstrap superuser, this would include ownership rights on all built-in objects, so it'd still be pretty darn dangerous; but it does not give the ability to ignore privileges for other objects. regards, tom lane
