3.23. Roles

PostgreSQL implements part of its access control using roles. These entities can own a set of privileges over the database objects and can be configured as a single user or a group of users. One particularity for roles is that, unlike the majority of objects, they are created at database cluster level. In other words, a role is not associated with a specific database but to the server as a whole.

Attribute Description
Password Defines a password for the role. This attribute is used when the attribute Can Login is checked.
Encrypted Indicates that the password should be encrypted.
Validity Specifies an expiration date for the role. When the validity expires the role has its password invalidated and the user will not be able to login using that role. By default, a role doesn't expire.
Connections Specifies a number of concurrent connections the role can open. This attribute is used only if the role can login to the server.
Attributes A set of attributes assigned to the role. The Superuser tells that the roles has full control over the server. Can create Database indicates that the role has permission to create databases. Can create Role defines that the role can create other roles on the server. Inherit Permissions indicates that the role will inherit privileges from the roles listed in Member of tab. Can Login tells that the user can login on the server. Can use Replication indicates that the role is able to control the replication feature on the server. Bypass RLS indicates that the role bypasses any row level security on tables.
Members This tab is used to include some other roles as members of the one being handled.
Member of This tab is used to indicate which roles the one being handled is part of.
Members (Admin) This tab is used to indicate which roles have the ADMIN OPTION over the role being handled. This option permits the listed roles to add new members to the one being edited.

Jul 6, 2018 at 11:41