Glyn Astill <glynastill@yahoo.co.uk> wrote:
> Maybe the docs should be embellished to also say "since a
> superuser is automatically considered a member of any group, it
> should be taken into account that names with a + mark will affect
> all superusers (although this was not the case prior to 9.0)" or
> something along those lines.
That seems like a good idea to me. I can't help but think that
someone, somewhere is going to create a "suspended" role to assign
to logins which they want temporarily disabled, put that at the top
of pg_hba.conf, and not be amused by the results.
When I dig out from under some other issues, I'll put together a
docs patch to propose something like the above, if nobody beats me
to it.
-Kevin