PG_AUTHID
PG_AUTHID records information about the database authentication identifiers (roles). The concept of users is contained in that of roles. A user is actually a role whose rolcanlogin has been set. Any role, whether the rolcanlogin is set or not, can use other roles as members.
For a cluster, only one pg_authid exists which is not available for every database. It is accessible only to users with system administrator rights.
| Column | Type | Description |
|---|---|---|
| OID | OID | Row identifier (hidden attribute; must be explicitly selected) |
| rolname | Name | Role name |
| rolsuper | boolean | Whether the role is the initial system administrator with the highest permission |
| rolinherit | boolean | Whether the role automatically inherits permissions of roles it is a member of |
| rolcreaterole | boolean | Whether the role can create more roles |
| rolcreatedb | boolean | Whether the role can create databases |
| rolcatupdate | boolean | Whether the role can directly update system catalogs. Only the initial system administrator whose usesysid is 10 has this permission. It is not available for other users. |
| rolcanlogin | boolean | Whether a role can log in, that is, whether a role can be given as the initial session authorization identifier. |
| rolreplication | boolean | Indicates that the role is a replicated one (an adaptation syntax and no actual meaning). |
| rolauditadmin | boolean | Indicates that the role is an audit user. |
| rolsystemadmin | boolean | Indicates that the role is an administrator. |
| rolconnlimit | Integer | Limits the maximum number of concurrent connections of a user on a CN. -1 means no limit. |
| rolpassword | Text | Password (possibly encrypted); NULL if no password. |
| rolvalidbegin | Timestamp with time zone | Account validity start time; NULL if no start time |
| rolvaliduntil | Timestamp with time zone | Password expiry time; NULL if no expiration |
| rolrespool | Name | Resource pool that a user can use |
| roluseft | boolean | Whether the role can perform operations on foreign tables |
| rolparentid | OID | OID of a group user to which the user belongs |
| roltabspace | Text | Storage space of the user permanent table |
| rolkind | Char | Special type of user, including private users, logical cluster administrators, and common users. |
| rolnodegroup | OID | OID of a node group associated with a user. The node group must be a logical cluster. |
| roltempspace | Text | Storage space of the user temporary table |
| rolspillspace | Text | Operator disk spill space of the user |
| rolexcpdata | Text | Reserved column |
| rolauthinfo | Text | Additional information when LDAP authentication is used. If other authentication modes are used, the value is NULL. |
| rolpwdexpire | Integer | Password expiration time. Users can change their password before it expires. After the password expires, only the administrator can change the password. The value -1 indicates that the password never expires. |
| rolpwdtime | Timestamp with time zone | Time when a password is created |
| roluuid | Bigint | Role identifier. This column is available only in clusters of version 9.1.0 or later. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
