What about LOGIN option? It is a similar access restriction, but it works for superuser.
=# create role nologin_role superuser nologin unencrypted password '1234';
CREATE ROLE
Time: 1.230 ms
~ $ psql postgres -U nologin_role -h localhost
Password for user nologin_role:
psql: FATAL: role "nologin_role" is not permitted to log in
IMHO it does not fit this logic.
> 7 нояб. 2018 г., в 17:45, Tom Lane <tgl@sss.pgh.pa.us> написал(а):
>
> Robert Haas <robertmhaas@gmail.com> writes:
>> I don't think we should consider something that prevents you from
>> connecting to the database to be in the same category as something
>> that limits what you can do once you are connected. IOW, +1 to the
>> original proposal from me.
>
> I'd vote against. I think there are way more cases where this would
> create a problem than where it would fix one.
>
> regards, tom lane
>
