As to your very last point (suggestions about other approaches), is it impossible or impractical to migrate to a scheme in which each user actually has a database role and their own password? PostgreSQL has a really great facility for managing database authorization and access by means of login roles with assignable membership in group roles. Why not let the tool do what it can already do very effectively? -- B
If you mean having each individual person having their own role, I'd say it's not impossible, impractical at the current moment but (probably) desirable and a longer-term goal. There's just an awful lot of logic that would have to be worked into the access control, as well as a way to create and maintain all the roles. Some day! Maybe! :)
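The scheme suggested in the first message (one login role per person, with privileges attached only to group roles), as an added example that is not part of either post. The schema, table, role names and passwords are all hypothetical placeholders.

```sql
-- Added illustration; every name and password below is a constructed placeholder.
BEGIN;

-- Group roles hold the privileges and cannot log in themselves.
CREATE ROLE app_readers NOLOGIN;
CREATE ROLE app_writers NOLOGIN;

CREATE SCHEMA app;
CREATE TABLE app.orders (
    id       bigint PRIMARY KEY,
    customer text NOT NULL,
    total    numeric(10,2) NOT NULL
);

-- A new schema grants nothing to PUBLIC by default; the REVOKE makes that explicit.
REVOKE ALL ON SCHEMA app FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO app_readers, app_writers;
GRANT SELECT ON app.orders TO app_readers;
GRANT SELECT, INSERT, UPDATE ON app.orders TO app_writers;

-- One login role per person, each with its own password and no direct table grants.
CREATE ROLE alice LOGIN PASSWORD 'REPLACE_ME_ALICE' VALID UNTIL '2030-01-01';
CREATE ROLE bob   LOGIN PASSWORD 'REPLACE_ME_BOB';

-- Access is decided purely by group membership.
GRANT app_readers TO alice;
GRANT app_writers TO bob;

COMMIT;

-- Audit: who is a member of which group role.
SELECT g.rolname AS group_role, m.rolname AS member
FROM pg_auth_members am
JOIN pg_roles g ON g.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE g.rolname IN ('app_readers', 'app_writers')
ORDER BY 1, 2;

-- Audit: effective privilege of one person on one table (inherited grants included).
SELECT has_table_privilege('alice', 'app.orders', 'INSERT') AS alice_can_insert,
       has_table_privilege('bob',   'app.orders', 'INSERT') AS bob_can_insert;

-- Maintenance: changing or removing a person's access touches only their role.
REVOKE app_writers FROM bob;
ALTER ROLE bob NOLOGIN;
```

A password given in `CREATE ROLE` can end up in statement logs and client history, so in practice it is usually set afterwards with psql's `\password` command.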