This would simply REVOKE that role from the user. Privileges independently GRANT'd directly to the user wouldn't be affected. Nor would other role membership.
> What privileges would the user be left with? Would it be possible to end up in the same privilege only with a GRANT command?
What about:
REVOKE SELECT ON [table] FROM pg_read_all_data;
I guess what I’m really asking is whether pg_read_all_data is automatically granted SELECT on all newly-created relations, or if the permission checking system always returns TRUE when asked if pg_read_all_data can select from a relation? I’m guessing it’s the latter so that it would be ineffective to revoke select privilege as I think this is more useful, but I’d like to be sure and the documentation should be explicit on this point.