Any way to have CREATEUSER privs without having all privs?

I've got a user with CREATEUSER privs.  I've not granted that user and DB
specific privs but it can do what it will with non-public schemas...  Is
there a user that can do SET SESSION AUTHORIZATION but does not have privs
otherwise?

Basically I want a login user that can then set session auth... to any other
user but otherwise has no privs.  (Having createuser is acceptable.)  I'm
looking into a way to give connection pooled access to a web site
(connections must have the same user/pw info to be pooled) but to then
enforce DB-level security.  I do not want the account that the web container
uses to access the db to have any db-level privs.

(I.e., rather than the Unix "root" account, something more like VMS (now
Windows NT) user privs. VMS users had a "set priv" privilege which, of
course, could indirectly give the holder of that priv any other priv.  But
only indirectly.  It has some benefits.)

Thanks,

== Ezra Epstien