> No, as I really have no idea what:
>
> "In production I hope to name the role with each connection as I want
> the search_path set by the connecting role. ..."
>
> means?
My apologies: I rely on the search_path being set according to the role
(--user).
Perhaps what I was missing is that the connection string uses both
username and certificate?
>
> I would point out this:
>
> https://www.postgresql.org/docs/12/auth-cert.html
>
> "User name mapping can be used to allow cn to be different from the
> database user name."
>
Just prior to that quote is
"The cn (Common Name) attribute of the certificate will be compared to
the requested database user name, and if they match the login will be
allowed."
which leads to me to believe I would need a cert per role.
> which leads to this:
>
> https://www.postgresql.org/docs/12/auth-username-maps.html
I don't think the mapping tricks help me, but happy to be convinced
otherwise.
I have specific roles accessing specific schemas via sql which is not
schema qualified.