Scott Ribe <scott_ribe@xxxxxxxxxxxxxxxx> writes: > So, one last follow-up, perhaps \du or \du+ should show when a role is mapped that way. If I'd seen a clue to this setting that had been made "before I got here" it would have been figured out sooner. \drds does already show this; of course, you have to know to look at it, but the same could be said of \du ... > I realize ALTER ROLE... SET... can be used to set many more defaults, and there could be some debate about how much to display with \du[+], but the fact that a role abandons all its privs and adopts a different set seems like pretty important info to surface ;-) IIRC, you aren't the first to get burnt this way. I've wondered for some time if we shouldn't forbid certain GUCs from being set via ALTER ROLE or ALTER DATABASE. "role" and "session authorization" are the poster children here but there might be others. On the other hand, if we do so somebody will likely complain that they have a legit use-case for it. regards, tom lane
