Scott Ribe <scott_ribe@elevated-dev.com> writes:
> So it would only have removed privs if I had used set role in the session, which I am not.
Yes, you are. It looks like what you actually issued is
ALTER USER akanzler SET role confidential_read_only;
but that would have the effect that subsequent session starts would
automatically do "SET ROLE confidential_read_only".
regards, tom lane