Scott Ribe <scott_r...@elevated-dev.com> writes: > So it would only have removed privs if I had used set role in the session, > which I am not.
Yes, you are. It looks like what you actually issued is
ALTER USER akanzler SET role confidential_read_only;
but that would have the effect that subsequent session starts would
automatically do "SET ROLE confidential_read_only".
regards, tom lane
