> On Aug 7, 2020, at 12:45 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> If I'm reading this correctly, you have set things up so that any
> session logging in as akanzler will immediately do "SET ROLE
> confidential_read_only", after which it's the privileges of that
> role not akanzler that determine what happens.
YES, confidential_read_only has privs on everything *except* individual user's schemas, and rolinherit was accidentally
set,that would certainly seem to be the problem. But I turned that off, and it still doesn't work--even in a new
connection.
