Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 5/13/21 7:38 PM, Bossart, Nathan wrote:
>> I've attached a small patch that allows specifying only direct members
>> of a group in pg_hba.conf.
> Do we really want to be creating two classes of role membership?
Yeah, this seems to be going against the clear meaning of the
SQL spec. I realize you can argue that pg_hba.conf doesn't have
to follow the spec, but it doesn't seem like a terribly good idea
to interpret role membership differently in different places.
regards, tom lane