Help Center/GaussDB/Developer Guide(Distributed_V2.0-8.x)/System Catalogs and System Views/System Catalogs/Connection and Authentication/PG_AUTHID
Updated on 2025-08-19 GMT+08:00
View PDF

PG_AUTHID

PG_AUTHID records information about database authentication identifiers (roles). The concept of users is contained in that of roles. A user is actually a role whose rolcanlogin has been set. Any role, whether its rolcanlogin is set or not, can use other roles as members.

For a cluster, only one PG_AUTHID exists, which is not available for every database. This system catalog is accessible only to system administrators.

Table 1 PG_AUTHID columns

Name

Type

Description

oid

oid

Row identifier (hidden attribute, which must be specified).

rolname

name

Role name.

rolsuper

boolean

Specifies whether a role is the initial system administrator with the highest permission.

  • t (true): yes
  • f (false): no

rolinherit

boolean

Specifies whether a role automatically inherits permissions of roles of which it is a member.

  • t (true): automatically inherited
  • f (false): not automatically inherited

rolcreaterole

boolean

Specifies whether a role can create more roles.

  • t (true): yes
  • f (false): no

rolcreatedb

boolean

Specifies whether a role can create databases.

  • t (true): yes
  • f (false): no

rolcatupdate

boolean

Specifies whether the role can directly update system catalogs. Only the initial system administrator whose usesysid is 10 has this permission. It is unavailable for other users.

  • t (true): yes
  • f (false): no

rolcanlogin

boolean

Specifies whether the role can log in, that is, whether the role can be given as the initial session authorization identifier.

  • t (true): yes
  • f (false): no

rolreplication

boolean

Specifies whether the role has the replication permission.

  • t (true): yes
  • f (false): no

rolauditadmin

boolean

Specifies whether the role has the audit administrator permission.

  • t (true): yes
  • f (false): no

rolsystemadmin

boolean

Specifies whether the role has the system administrator permission.

  • t (true): yes
  • f (false): no

rolconnlimit

integer

Maximum number of concurrent connections that this role can make (valid for roles that can log in).

The value –1 indicates there is no limit.

rolpassword

text

Password ciphertext. If there is no password, the value is NULL.

rolvalidbegin

timestamp with time zone

Account validity start time (NULL if no start time).

rolvaliduntil

timestamp with time zone

Password expiry time (NULL if no expiration).

rolrespool

name

Resource pool that a user can use.

roluseft

boolean

Specifies whether the role can perform operations on foreign tables.

  • t (true): yes
  • f (false): no

rolparentid

oid

OID of a group user to which the user belongs.

roltabspace

text

Maximum size of a user data table.

rolkind

"char"

Type of a user.

  • n: common user
  • p: permanent user

roltempspace

text

Maximum size of a user's temporary table, in KB.

rolspillspace

text

Maximum size of data that can be written to disks when a user executes a job, in KB.

rolexcpdata

text

Query rules that can be set by users (reserved).

rolmonitoradmin

boolean

Specifies whether the role has the monitor administrator permission.

  • t (true): yes
  • f (false): no

roloperatoradmin

boolean

Specifies whether the role has the O&M administrator permission.

  • t (true): yes
  • f (false): no

rolpolicyadmin

boolean

Specifies whether the role has the security policy administrator permission.

  • t (true): yes
  • f (false): no