> The question is not whether it can be done at the execution time but
> whether it should be. IIRC, the SQL spec explicitly requires
> permissions to be checked at the prepare time. And it makes a lot of
> sense to me.

This fits very well the model where role is specified at connect time.
However, if we allow to change the role at runtime, we have either to
invalidate all prepared statements or to check the permissions, etc.

So, _if_ we consider Jim's proposal for implementation, then also
permission management should be changed.

Roman