On Thu, Jan 23, 2025 at 03:10:16PM -0500, Tom Lane wrote: > That line of reasoning leads to the same conclusion, that another > built-in role might be a suitable solution --- unless said role is > so powerful that the service providers might want to block access > to it too. Probably limiting it to manage non-superuser roles is > good enough for that, but I'm not quite sure.
IMHO it's reasonable to expect service providers to adjust the predefined roles if the stock limitations are not sufficient for them. -- nathan