How do I inherit a role's priveleges?

Question

I have created an engineering role in psql, then created a user role. When I grant the engineering role to the user role, the user role does not get any of the privileges. Note that engineering was created with login privileges.

postgres=# create role johnnyb inherit;
CREATE ROLE
postgres=# grant engineering to johnnyb;
GRANT ROLE
postgres=# \du
                                      List of roles
  Role name  |                         Attributes                         |   Member of
-------------+------------------------------------------------------------+---------------
 engineering | Create role, Create DB                                     | {}
 johnnyb     | Cannot login                                               | {engineering}
 postgres    | Superuser, Create role, Create DB, Replication, Bypass RLS | {}

The inherit keyword seems to have no effect. What am I missing? I'd like to be able to grant engineering priveleges to a few users (to start).

Answer 1

LOGIN is a special privilage that is not inherited. Test your inheritance out based on permissions to database objects, such as SELECT on a table, it should work fine. Ensure that when you are testing you know what the permissions are for public to avoid any gotchas.

From The manual

The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute. Continuing the above example, we might choose to grant CREATEDB and CREATEROLE to the admin role. Then a session connecting as role joe would not have these privileges immediately, only after doing SET ROLE admin.