Using this command, it is possible to either add privileges or restrict one’s privileges. If the session user role has the INHERITS
attribute, then it automatically has all the privileges of every role that it could SET ROLE
to; in this case SET ROLE
effectively drops all the privileges assigned directly to the session user and to the other roles it is a member of, leaving only the privileges available to the named role. On the other hand, if the session user role has the NOINHERITS
attribute, SET ROLE
drops the privileges assigned directly to the session user and instead acquires the privileges available to the named role. In particular, when a superuser chooses to SET ROLE
to a non-superuser role, she loses her superuser privileges.