On 8/7/20 12:40 PM, Adrian Klaver wrote:
On 8/7/20 12:27 PM, Scott Ribe wrote:
On Aug 7, 2020, at 1:08 PM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx>
wrote:
"Using this command, it is possible to either add privileges or
restrict one's privileges. If the session user role has the INHERIT
attribute, then it automatically has all the privileges of every role
that it could SET ROLE to; in this case SET ROLE effectively drops
all the privileges assigned directly to the session user and to the
other roles it is a member of, leaving only the privileges available
to the named role. On the other hand, if the session user role has
the NOINHERIT attribute, SET ROLE drops the privileges assigned
directly to the session user and instead acquires the privileges
available to the named role.
"
So it would only have removed privs if I had used set role in the
session, which I am not.
See Tom's answer. To confirm do:
SELECT
s.setdatabase,
s.setrole,
rolname,
s.setconfig,
rolname ^^^^^^^ Surplus to requirements
FROM
pg_db_role_setting AS s
JOIN pg_roles AS r ON r.oid = s.setrole;
Also log in as 'akanzler' to psql and do:
select session_user;
select current_user;
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
