postgresql – How do I see where postgres privileges are coming from for a role?

Im using google cloudsql but this is a more generic postgres question.

I have a role (that is already created and managed by cloudsql) called cloudsqliamserviceaccount.

The cloudsqliamserviceaccount role is not a member of any other roles.

Whenever I create a new postgres user (through GCP console or gcloud) they are added to this role. I CANNOT remove them from the role because it will break the cloudsql IAM integration.

The cloudsqliamserviceaccount role has very sweeping permissions. It can connect to and do CRUD on all DBs. But I’m not sure how to see its full list of permissions.

In short I have this role “cloudsqliamserviceaccount”. How do I see what it has access to? I gets CRUD automatically for every new database I create, but its not a member of any other role. Where is this permission coming from and how do I see that?

actions – Update a custom role with new capabilities

I have created a custom user role for a site where the role can do almost anything an administrator can do minus a few capabilities like:
-Update, Delete, Upload plugins
-Change, Delete, Upload Themes,
-Update core
And some more.

After creating the role and setting up the first capabilities to be deleted, I couldn’t change any more capabilities after the first try.

I read some stuff about deleting the role and then adding it back. But that means I have to reassign a user role every time I add or delete capabilities to a custom user role?

My code i have here.

add_action('after_setup_theme', function() {
if ( ! get_option('wpc_roles_created') ) {
    $medebeheerder_caps = get_role('administrator')->capabilities;
    $unwanted_caps = (
        'activate_plugins' => 1,
        'delete_plugins' => 1,
        'install_plugins' => 1,
        'update_plugins' => 1,
        'edit_theme_options' => 1,
        'install_themes' => 1,
        'update_core' => 1,
        'delete_themes' => 1,
        'update_themes' => 1,
        'edit_themes' => 1,
    $medebeheerder_caps = array_diff_key($medebeheerder_caps, $unwanted_caps);
    remove_role( 'medebeheerder' );
    add_role('medebeheerder', 'Medebeheerder', $medebeheerder_caps);
    update_option('wpc_roles_created', true);


What would be a good practice to solve this? I probably not change capabilities daily, but when I do id want it to work after changing the code.

Pre-Fix Order Numbers by User Role

I currently have orders set with the pre-fix “W” for Wholesale orders to differentiate them from Retail orders. However, we have a few different wholesale roles and I would like to be able to differentiate those orders with a pre-fix as well. Is there a way to code a special pre-fix based on user role? The role in particular would be for a wholesale role labeled as employee. Since Employee falls under the Wholesale Role, it is getting the W prefix to their orders. I would like all other wholesale orders to have the W prefix, Employee orders to have an E prefix, and all retail orders to have no prefix (remain as-is).

Here is the snippet that works for wholesale orders to have the W prefix:

add_filter( ‘woocommerce_order_number’, ‘change_woocommerce_order_number’ );
function change_woocommerce_order_number( $order_id ) {

$prefix = 'W'; //The Prefix 
$order_type = get_post_meta( $order_id, '_wwpp_order_type',true); //get Wholesale Order Type

 if ($order_type == 'wholesale') {
    $new_order_id = $prefix . $order_id;
    return $new_order_id;
return $order_id;


Register on two different role profiles simultaneously

I searched everywhere but i have not found a clear solution to my problem
I have a listing theme with two profiles (roles): Company and Employee and I installed it a job offer plugin with two profiles Employer and Employee
How to do so that if someone register with an enterprise profile will be automatically registered on the employer profile and the same for employee

postgresql – Possible to disable THE postgres role?

Postgresql 9.6, if it matters.

We have an audit finding which says that the “postgres” role must not be used at all.

After creating a new SUPERUSER role, is it possible to disable role “postgres” (or do some jobs like autovacuum/autoanalyze require it)? If they are the only ones which need it, I could disable autovacuum/autoanalyze and rely on manual vacuums and analyze.