3.27. Roles

PostgreSQL implements part of its access control using roles. These entities can own a set of privileges over the database objects and can be configured as a single user or a group of users. One particularity for roles is that, unlike the majority of objects, they are created at the database cluster level. In other words, a role is not associated with a specific database but with the server as a whole.

Attribute Description
Password Defines a password for the role. This attribute is used when the attribute Can Login is checked.
Encrypted Indicates that the password should be encrypted.
Validity Specifies an expiration date for the role. When the validity expires the role has its password invalidated and the user will not be able to login using that role. By default, a role doesn't expire.
Connections Specifies the number of concurrent connections the role can open. This attribute is used only if the role can log in to the server.
Attributes A set of attributes assigned to the role. The Superuser tells that the roles have full control over the server. Can create Database indicates that the role has permission to create databases. Can create Role defines that the role can create other roles on the server. Inherit Permissions indicates that the role will inherit privileges from the roles listed in the Member of tab. Can Login tells that the user can log in to the server. Can use Replication indicates that the role is able to control the replication feature on the server. Bypass RLS indicates that the role bypasses any row-level security on tables.
Members This tab is used to include some other roles as members of the one being handled.
Admin option This tab is used to indicate which roles have the ADMIN OPTION over the role being handled. This option permits the listed roles to add new members to the one being edited.
Member of This tab is used to quickly associate the currently handled role as a member of the ones listed in the grid.

Jun 29, 2023 at 15:08