create role 'manager';
grant manager to authenticator;
grant anon to manager;