Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-performance-owner+archive@lists.postgresql.org>)
	id 1wBe12-001FRQ-01
	for pgsql-performance@arkaria.postgresql.org;
	Sat, 11 Apr 2026 19:29:12 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-performance-owner+archive@lists.postgresql.org>)
	id 1wBe0z-0007wq-2p
	for pgsql-performance@arkaria.postgresql.org;
	Sat, 11 Apr 2026 19:29:10 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wBe0z-0007wi-1t
	for pgsql-performance@lists.postgresql.org;
	Sat, 11 Apr 2026 19:29:10 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wBe0y-00000000X5d-1jXj
	for pgsql-performance@lists.postgresql.org;
	Sat, 11 Apr 2026 19:29:09 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 63BJT6sd037591;
	Sat, 11 Apr 2026 15:29:06 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "David G. Johnston" <david.g.johnston@gmail.com>
cc: ikramuddin <ikram.amani815@gmail.com>,
        pgsql-performance@lists.postgresql.org
Subject: Re: how to switch user in postgres
In-reply-to: 
 <CAKFQuwaFHzyqZTPsiQRWyucy0jov9MpbvtcMGSyTE6nsBySLPQ@mail.gmail.com>
References: 
 <CAL9MbytWDzHYHPo31AeR=-ZcCKfQr8uXQitFNe0nehAvLze7PA@mail.gmail.com>
 <CAKFQuwaFHzyqZTPsiQRWyucy0jov9MpbvtcMGSyTE6nsBySLPQ@mail.gmail.com>
Comments: In-reply-to "David G. Johnston" <david.g.johnston@gmail.com>
	message dated "Sat, 11 Apr 2026 11:33:58 -0700"
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-ID: <37589.1775935746.1@sss.pgh.pa.us>
Content-Transfer-Encoding: 8bit
Date: Sat, 11 Apr 2026 15:29:06 -0400
Message-ID: <37590.1775935746@sss.pgh.pa.us>
List-Id: <pgsql-performance.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-performance@lists.postgresql.org>
List-Owner: <mailto:pgsql-performance-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-performance>
Archived-At: 
 <https://www.postgresql.org/message-id/37590.1775935746%40sss.pgh.pa.us>
Precedence: bulk

"David G. Johnston" <david.g.johnston@gmail.com> writes:
> This seems quite misplaced on the -performance mailing list.

Indeed.

> On Sat, Apr 11, 2026 at 10:55 AM ikramuddin <ikram.amani815@gmail.com>
> wrote:
>> plz guide it is a bug or this behavious left intentionally.

> Intentional, every object has its own permissions that are granted to roles
> independently of others.

Also, "REVOKE CONNECT ON DATABASE finance FROM simon" is probably a
no-op, because nobody ever did "GRANT CONNECT ON DATABASE finance TO
simon".  Rather, the reason simon can connect is that there's a
default "GRANT CONNECT ... TO public".  If you want to restrict
CONNECT privileges, you have to revoke that and then hand out
the privilege selectively to users that should have it.

			regards, tom lane