Scott Ribe <scott_ribe@xxxxxxxxxxxxxxxx> writes: > So it would only have removed privs if I had used set role in the session, which I am not. Yes, you are. It looks like what you actually issued is ALTER USER akanzler SET role confidential_read_only; but that would have the effect that subsequent session starts would automatically do "SET ROLE confidential_read_only". regards, tom lane
