PostgreSQL 8.2.23 Documentation | ||||
---|---|---|---|---|
Prev | Fast Backward | Chapter 43. System Catalogs | Fast Forward | Next |
The catalog pg_authid contains information about database authorization identifiers (roles). A role subsumes the concepts of "users" and "groups". A user is essentially just a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) may have other roles as members; see pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.
Chapter 18 contains detailed information about user and privilege management.
Because user identities are cluster-wide, pg_authid is shared across all databases of a cluster: there is only one copy of pg_authid per cluster, not one per database.
Table 43-8. pg_authid Columns
Name | Type | Description | |
---|---|---|---|
rolname | name | Role name | |
rolsuper | bool | Role has superuser privileges | |
rolinherit | bool | Role automatically inherits privileges of roles it is a member of | |
rolcreaterole | bool | Role may create more roles | |
rolcreatedb | bool | Role may create databases | |
rolcatupdate | bool | Role may update system catalogs directly. (Even a superuser may not do this unless this column is true) | |
rolcanlogin | bool | Role may log in. That is, this role can be given as the initial session authorization identifier | |
rolconnlimit | int4 | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit | |
rolpassword | text | Password (possibly encrypted); NULL if none | |
rolvaliduntil | timestamptz | Password expiry time (only used for password authentication); NULL if no expiration | |
rolconfig | text[] | Session defaults for run-time configuration variables |