Scott Ribe <scott_ribe@elevated-dev.com> writes:
> So, one last follow-up, perhaps \du or \du+ should show when a role is mapped that way. If I'd seen a clue to this
settingthat had been made "before I got here" it would have been figured out sooner.
\drds does already show this; of course, you have to know to look at it,
but the same could be said of \du ...
> I realize ALTER ROLE... SET... can be used to set many more defaults, and there could be some debate about how much
todisplay with \du[+], but the fact that a role abandons all its privs and adopts a different set seems like pretty
importantinfo to surface ;-)
IIRC, you aren't the first to get burnt this way. I've wondered for some
time if we shouldn't forbid certain GUCs from being set via ALTER ROLE or
ALTER DATABASE. "role" and "session authorization" are the poster
children here but there might be others. On the other hand, if we do so
somebody will likely complain that they have a legit use-case for it.
regards, tom lane