Re: Connect to db denied for superuser inherited by group

Stephen Frost <sfrost@snowman.net> writes:
> * Michael.Dietrich@swisscom.com (Michael.Dietrich@swisscom.com) wrote:
>> 2) User without superuser privileges uses a role with superuser rights (usage confirmed with SHOW current_role.)

> Please provide more details about what this step #2 actually means.

If you mean that you did "GRANT superuserrole TO nonsuperuser", this
does not make "nonsuperuser" into a superuser; it merely allows
"nonsuperuser" to use whatever ordinary privileges might've been
granted to "superuserrole".  If you did that with the bootstrap
superuser, this would include ownership rights on all built-in
objects, so it'd still be pretty darn dangerous; but it does not
give the ability to ignore privileges for other objects.

            regards, tom lane