On 10/4/21, 7:08 PM, "Stephen Frost" <sfr...@snowman.net> wrote: > I really think we need to stop addressing roles explicitly as > 'superuser' vs. 'non-superuser', because a non-superuser role can be > GRANT'd a superuser role, which makes that distinction really not > sensible. This has continued to be a problem and we need to cleanly > address it. Not sure exactly how to do that today but it's certainly an > issue.
Agreed. Maybe one option is to convert most of the role attributes to be predefined roles. Then we could just check for membership in pg_superuser instead of trying to deal with membership in roles that have the SUPERUSER attribute. Nathan
