Each permanent database user has a default role that is active for every user session. Users have access to other roles to which they have membership using the following requests:
- SET ROLE role_name activates a specific role
- SET ROLE ALL activates all roles
Directory users, including auto provisioned directory users, can also use the SET ROLE role_name or SET ROLE ALL request to enable their mapped permanent user roles in addition to their external roles.
After changing the active role for a session, directory users can revert back to the initial set of directory-assigned roles by issuing a new request, SET ROLE EXTERNAL.
When a directory user has a large number of role mappings, the user can enhance performance by selecting a single role, using the SET ROLE role_name request, so the system does not have to authorize all the role privileges for the user.