pgAdmin 1.6 online documentation
The catalog pg_authid contains information about
database authorization identifiers (roles). A role subsumes the concepts
of “users” and “groups”. A user is essentially just a
role with the rolcanlogin flag set. Any role (with or
without rolcanlogin) may have other roles as members; see
pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable.
pg_roles
is a publicly readable view on
pg_authid that blanks out the password field.
Chapter 18, Database Roles and Privileges contains detailed information about user and
privilege management.
Because user identities are cluster-wide,
pg_authid
is shared across all databases of a cluster: there is only one
copy of pg_authid per cluster, not
one per database.
Table 43.8. pg_authid Columns
| Name |
Type |
Description |
|
rolname |
name |
Role name |
|
rolsuper |
bool |
Role has superuser privileges |
|
rolinherit |
bool |
Role automatically inherits privileges of roles it is a
member of |
|
rolcreaterole |
bool |
Role may create more roles |
|
rolcreatedb |
bool |
Role may create databases |
|
rolcatupdate |
bool |
Role may update system catalogs directly. (Even a superuser may not do
this unless this column is true)
|
|
rolcanlogin |
bool |
Role may log in. That is, this role can be given as the initial
session authorization identifier
|
|
rolconnlimit |
int4 |
For roles that can log in, this sets maximum number of concurrent
connections this role can make. -1 means no limit
|
|
rolpassword |
text |
Password (possibly encrypted); NULL if none |
|
rolvaliduntil |
timestamptz |
Password expiry time (only used for password authentication);
NULL if no expiration |
|
rolconfig |
text[] |
Session defaults for run-time configuration variables |
|
|
