insufficient_privilege permission denied to set role “…” — 42501

Symptoms

A SET ROLE targeted a role the current user is not a member of. PostgreSQL raises SQLSTATE 42501 (insufficient_privilege).

• The current role lacks membership in the target role.
• Common when impersonating a group/owner role.
• Membership must be granted first.

What the server log shows

ERROR:  permission denied to set role "app_owner"

Why PostgreSQL raises this — what the manual says

the SET ROLE reference (Description):

“After SET ROLE, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally.”

SET ROLE lets a session assume a role it is a member of. Without membership (and absent superuser status), PostgreSQL blocks the switch with 42501.

Common causes

• The current role is not a member of the target role.
• Trying to assume an unrelated role.
• Missing a GRANT role TO current_user.

How to fix it

1. Grant membership: GRANT app_owner TO current_user; (by an admin).
2. Connect as a role that is a member of the target.
3. Verify memberships: \du in psql.

Related & next steps

• SQLSTATE 42501 — Insufficient Privilege (full reference)
• Message: permission denied to create role
• Glossary: Role

Reference: PostgreSQL 18 — SET ROLE.