<Michael.Dietrich@xxxxxxxxxxxx> writes: > What I've done > CREATE ROLE superrole WITH NOLOGIN SUPERUSER ..; > CREATE USER nosuperuser WITH LOGIN NOSUPERUSER INHERIT ..; > GRANT superrole TO nosuperuser WITH ADMIN OPTION; > REVOKE CONNECT ON DATABASE nonpublicdb FROM public ; > psql -d postgres -U nosupuser > postgres=# set role superrole; > postgres=# \c nonpublicdb > FATAL: permission denied for database " nonpublicdb " > DETAIL: User does not have CONNECT privilege. > I expect that the connection to the database is allowed since a role > with superuser is used. You're misunderstanding what psql's \c command does. In this form, it attempts a connection with the new database name, but the same username as the previous connection, ie nosupuser. It doesn't know anything about SET ROLE commands you may have issued to the server while connected. regards, tom lane
