"Florian G. Pflug" <fgp@xxxxxxxx> writes: > Why don't you just use "SET SESSION AUTHORIZATION somerole", and then scan > the to-be-executel sql scripts for any occurence of "reset session authorization", > and ignore the script it matches. What would probably be better is a way to do SET SESSION AUTHORIZATION and then abandon the underlying superuser privilege, thereby absolutely guaranteeing that the session can't do anything the selected userid shouldn't be able to do. You'd have to start a new session for each cronjob, but that would be a Really Good Idea anyway, given the lack of any way to fully restore a session to default state. regards, tom lane
