After cloning a database, what is true about privileges for roles?

Clones are zero-copy copies of a database, but access controls don’t automatically duplicate at every level. Privileges are organized into database-level rights (which grant access to the database as a whole) and object-level rights (grants on schemas, tables, and other objects inside the database). When you clone a database, the clone is a separate database object. The database-level privileges that a role had on the original don’t automatically carry over to the clone, so that role can lose those database-level rights on the cloned database unless you re-grant them. However, the grants on the child objects inside the database (schemas, tables, views, etc.) are preserved on the clone, so the role keeps its object-level access to those items without needing to re-grant. In practice, you’d re-grant the necessary database-level privileges on the clone if you want the same container-wide access, while the existing object-level privileges on the child objects remain in effect.