For all combinations of who/which/what, list who currently has which type of permissions for what objects in your most important database(s)? It shouldn’t be that hard to figure out, right? Would you be willing to bet your job that you have given a complete and correct answer, even if this were an open book test with access to the server and ample time? This talk seeks to dive deep into the weeds on the topic of how roles interact with Postgres default behaviors, role attributes, and object privileges, resulting in a particular discretionary access control (DAC) security posture.