MIME-Version: 1.0
From: ikramuddin <ikram.amani815@gmail.com>
Date: Sat, 11 Apr 2026 23:25:31 +0530
Message-ID: 
 <CAL9MbytWDzHYHPo31AeR=-ZcCKfQr8uXQitFNe0nehAvLze7PA@mail.gmail.com>
Subject: how to switch user in postgres
To: pgsql-performance@lists.postgresql.org
Content-Type: multipart/alternative; boundary="000000000000668c17064f32f5a2"
Archived-At: 
 <https://www.postgresql.org/message-id/CAL9MbytWDzHYHPo31AeR%3D-ZcCKfQr8uXQitFNe0nehAvLze7PA%40mail.gmail.com>
Precedence: bulk

--000000000000668c17064f32f5a2
Content-Type: text/plain; charset="UTF-8"

hi team,
As i was working through postgresql user and role privileges i faced an
unexpected behavious when we revoke connect on database from a user then
why still we need to revoke usage on schema basis and then revoke select ,
insert , update privileges at table table. second when i did all this one
by one and then tried to connect to same database using \c database_name
user_name, it failed that is perfect which i expected but when i tried to
connect through postgres as a superuser it connect still it is fine. but
then i write the command set role simon it connected even i revoked the
connect privileges from the role . plz guide it is a bug or this
behavious left intentionally.
finance=> SET ROLE postgres;
SET
finance=# REVOKE CONNECT ON DATABASE finance FROM simon;
REVOKE
finance=# set role simon;
SET
finance=> SELECT * FROM accounting.invoices;
 invoice_id | invoice_date | amount
------------+--------------+--------
          1 | 2024-03-15   | 250.50
          2 | 2024-01-20   | 110.99
          3 | 2024-03-29   |   1000
(3 rows)

finance=> SET ROLE postgres;
SET
finance=# REVOKE CONNECT ON DATABASE finance FROM simon; REVOKE USAGE ON
SCHEMA accounting FROM simon; REVOKE SELECT, INSERT, UPDATE, DELETE ON
accounting.invoices FROM simon;
REVOKE
REVOKE
REVOKE
finance=# CREATE ROLE accounting_ro NOLOGIN; GRANT CONNECT ON DATABASE
finance TO accounting_ro; GRANT USAGE ON SCHEMA accounting TO
accounting_ro; GRANT SELECT ON ALL TABLES IN SCHEMA accounting TO
accounting_ro;
CREATE ROLE
GRANT
GRANT
GRANT
finance=# CREATE TABLE accounting.customers(   customer_id serial PRIMARY
KEY,   name TEXT,   address TEXT );
CREATE TABLE
finance=# SET ROLE simon;
SET
finance=> select current_user;
 current_user
--------------
 simon
(1 row)

finance=> reset role'
finance'> ;
finance'> ';
ERROR:  syntax error at or near "'
;
'"
LINE 1: reset role'
                  ^
finance=> reset role;
RESET
finance=# \l
                                                       List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype
   | Locale | ICU Rules |    Access privileges
-----------+----------+----------+-----------------+-------------+-------------+--------+-----------+--------------------------
 finance   | postgres | UTF8     | libc            | en_US.UTF-8 |
en_US.UTF-8 |        |           | =Tc/postgres            +
           |          |          |                 |             |
    |        |           | postgres=CTc/postgres   +
           |          |          |                 |             |
    |        |           | accounting_ro=c/postgres
 postgres  | postgres | UTF8     | libc            | en_US.UTF-8 |
en_US.UTF-8 |        |           |
 template0 | postgres | UTF8     | libc            | en_US.UTF-8 |
en_US.UTF-8 |        |           | =c/postgres             +
           |          |          |                 |             |
    |        |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.UTF-8 |
en_US.UTF-8 |        |           | =c/postgres             +
           |          |          |                 |             |
    |        |           | postgres=CTc/postgres
(4 rows)

finance=# revoke connect on database finance from simon;
REVOKE
finance=# \c postgres
You are now connected to database "postgres" as user "postgres".
postgres=# revoke connect on database finance from simon;
REVOKE
postgres=# \c finance simon;
connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed:
FATAL:  Peer authentication failed for user "simon"
Previous connection kept
postgres=# \c finance
You are now connected to database "finance" as user "postgres".
finance=# \c postgres
You are now connected to database "postgres" as user "postgres".
postgres=# \c finance postgres
You are now connected to database "finance" as user "postgres".
finance=#
finance=# set role simon
finance-# ;
SET
finance=> select current_role;
 current_role
--------------
 simon
(1 row)

finance=> SELECT * FROM accounting.invoices;
ERROR:  permission denied for schema accounting
LINE 1: SELECT * FROM accounting.invoices;
                      ^
finance=> ^C

thanks and regards
Ikramuddin Database lead.

--000000000000668c17064f32f5a2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">hi team,<div>As i was working through postgresql user and =
role privileges=C2=A0i faced an unexpected behavious=C2=A0when we revoke co=
nnect on database from a user then why still we need to revoke usage on sch=
ema basis and then revoke select , insert , update=C2=A0privileges at table=
 table. second when i did all this one by one and then tried to connect to =
same database using \c database_name=C2=A0 user_name, it failed that is per=
fect which i expected but when i tried to connect through postgres as a sup=
eruser it connect still it is fine. but then i write the command set role s=
imon it connected even i revoked the connect privileges from the role . plz=
 guide it is a bug or this behavious=C2=A0left intentionally.</div><div>fin=
ance=3D&gt; SET ROLE postgres;<br>SET<br>finance=3D# REVOKE CONNECT ON DATA=
BASE finance FROM simon;<br>REVOKE<br>finance=3D# set role simon;<br>SET<br=
>finance=3D&gt; SELECT * FROM accounting.invoices;<br>=C2=A0invoice_id | in=
voice_date | amount<br>------------+--------------+--------<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 1 | 2024-03-15 =C2=A0 | 250.50<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 2 | 2024-01-20 =C2=A0 | 110.99<br>=C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 3 | 2024-03-29 =C2=A0 | =C2=A0 1000<br>(3 rows)<br><br>finan=
ce=3D&gt; SET ROLE postgres;<br>SET<br>finance=3D# REVOKE CONNECT ON DATABA=
SE finance FROM simon; REVOKE USAGE ON SCHEMA accounting FROM simon; REVOKE=
 SELECT, INSERT, UPDATE, DELETE ON accounting.invoices FROM simon;<br>REVOK=
E<br>REVOKE<br>REVOKE<br>finance=3D# CREATE ROLE accounting_ro NOLOGIN; GRA=
NT CONNECT ON DATABASE finance TO accounting_ro; GRANT USAGE ON SCHEMA acco=
unting TO accounting_ro; GRANT SELECT ON ALL TABLES IN SCHEMA accounting TO=
 accounting_ro;<br>CREATE ROLE<br>GRANT<br>GRANT<br>GRANT<br>finance=3D# CR=
EATE TABLE accounting.customers( =C2=A0 customer_id serial PRIMARY KEY, =C2=
=A0 name TEXT, =C2=A0 address TEXT );<br>CREATE TABLE<br>finance=3D# SET RO=
LE simon;<br>SET<br>finance=3D&gt; select current_user;<br>=C2=A0current_us=
er<br>--------------<br>=C2=A0simon<br>(1 row)<br><br>finance=3D&gt; reset =
role&#39;<br>finance&#39;&gt; ;<br>finance&#39;&gt; &#39;;<br>ERROR: =C2=A0=
syntax error at or near &quot;&#39;<br>;<br>&#39;&quot;<br>LINE 1: reset ro=
le&#39;<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ^=
<br>finance=3D&gt; reset role;<br>RESET<br>finance=3D# \l<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0List of databases<br>=C2=A0 =C2=A0Name =
=C2=A0 =C2=A0| =C2=A0Owner =C2=A0 | Encoding | Locale Provider | =C2=A0 Col=
late =C2=A0 | =C2=A0 =C2=A0Ctype =C2=A0 =C2=A0| Locale | ICU Rules | =C2=A0=
 =C2=A0Access privileges<br>-----------+----------+----------+-------------=
----+-------------+-------------+--------+-----------+---------------------=
-----<br>=C2=A0finance =C2=A0 | postgres | UTF8 =C2=A0 =C2=A0 | libc =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| en_US.UTF-8 | en_US.UTF-8 | =C2=A0 =C2=
=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =3DTc/postgres =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | pos=
tgres=3DCTc/postgres =C2=A0 +<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=
=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | accounting_r=
o=3Dc/postgres<br>=C2=A0postgres =C2=A0| postgres | UTF8 =C2=A0 =C2=A0 | li=
bc =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| en_US.UTF-8 | en_US.UTF-8 | =
=C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>=C2=A0=
template0 | postgres | UTF8 =C2=A0 =C2=A0 | libc =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0| en_US.UTF-8 | en_US.UTF-8 | =C2=A0 =C2=A0 =C2=A0 =C2=A0|=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =3Dc/postgres =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 +<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=
=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | postgres=3DCTc/post=
gres<br>=C2=A0template1 | postgres | UTF8 =C2=A0 =C2=A0 | libc =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| en_US.UTF-8 | en_US.UTF-8 | =C2=A0 =C2=A0 =
=C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =3Dc/postgres =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 | =C2=A0 =C2=A0 =C2=A0 =C2=A0| =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | postgr=
es=3DCTc/postgres<br>(4 rows)<br><br>finance=3D# revoke connect on database=
 finance from simon;<br>REVOKE<br>finance=3D# \c postgres<br>You are now co=
nnected to database &quot;postgres&quot; as user &quot;postgres&quot;.<br>p=
ostgres=3D# revoke connect on database finance from simon;<br>REVOKE<br>pos=
tgres=3D# \c finance simon;<br>connection to server on socket &quot;/run/po=
stgresql/.s.PGSQL.5432&quot; failed: FATAL: =C2=A0Peer authentication faile=
d for user &quot;simon&quot;<br>Previous connection kept<br>postgres=3D# \c=
 finance<br>You are now connected to database &quot;finance&quot; as user &=
quot;postgres&quot;.<br>finance=3D# \c postgres<br>You are now connected to=
 database &quot;postgres&quot; as user &quot;postgres&quot;.<br>postgres=3D=
# \c finance postgres<br>You are now connected to database &quot;finance&qu=
ot; as user &quot;postgres&quot;.<br>finance=3D#<br>finance=3D# set role si=
mon<br>finance-# ;<br>SET<br>finance=3D&gt; select current_role;<br>=C2=A0c=
urrent_role<br>--------------<br>=C2=A0simon<br>(1 row)<br><br>finance=3D&g=
t; SELECT * FROM accounting.invoices;<br>ERROR: =C2=A0permission denied for=
 schema accounting<br>LINE 1: SELECT * FROM accounting.invoices;<br>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ^<br>=
finance=3D&gt; ^C<br></div><div><br></div><div>thanks and regards</div><div=
>Ikramuddin Database lead.</div></div>

--000000000000668c17064f32f5a2--