Kenneth Chin writes:

.... It seems to be that acl_users and PyGreSQL grant the user full access ONLY when they are Manager, regardless of the permissions enabled in their user defined roles.

Is this a bug or a feature, or have I misunderstood something here. This is probably a bug.

You can try to work around it with "local roles". Dieter