Updated on 2024-05-07 GMT+08:00

PG_AUTHID

PG_AUTHID records information about database authentication identifiers (roles). The concept of users is contained in that of roles. A user is actually a role whose rolcanlogin has been set. Any role, whether its rolcanlogin is set or not, can use other roles as members.

For a cluster, only one PG_AUTHID exists, which is not available for every database. This system catalog is accessible only to system administrators.

Table 1 PG_AUTHID columns

Name

Type

Description

oid

oid

Row identifier (hidden attribute, which must be specified)

rolname

name

Name of a role

rolsuper

boolean

Whether the role is the initial system administrator with the highest permission

  • t (true): yes
  • f (false): no

rolinherit

boolean

Whether the role automatically inherits permissions of roles of which it is a member

  • t (true): automatically inherited
  • f (false): not automatically inherited

rolcreaterole

boolean

Whether the role can create more roles

  • t (true): yes
  • f (false): no

rolcreatedb

boolean

Whether the role can create databases

  • t (true): yes
  • f (false): no

rolcatupdate

boolean

Whether the role can directly update system catalogs Only the initial system administrator whose usesysid is 10 has this permission. It is unavailable for other users.

  • t (true): yes
  • f (false): no

rolcanlogin

boolean

Whether the role can log in (whether this role can be given as the initial session authorization identifier)

  • t (true): yes
  • f (false): no

rolreplication

boolean

Specifies whether the role has the replication permission.

  • t (true): yes
  • f (false): no

rolauditadmin

boolean

Specifies whether the role has the audit administrator permission.

  • t (true): yes
  • f (false): no

rolsystemadmin

boolean

Specifies whether the role has the system administrator permission.

  • t (true): yes
  • f (false): no

rolconnlimit

integer

Maximum number of concurrent connections that this role can make (valid for roles that can log in)

The value –1 indicates there is no limit.

rolpassword

text

Password (possibly encrypted) (null if no password)

rolvalidbegin

timestamp with time zone

Account validity start time (NULL if no start time)

rolvaliduntil

timestamp with time zone

Password expiry time (NULL if no expiration)

rolrespool

name

Resource pool that a user can use

roluseft

boolean

Whether the role can perform operations on foreign tables

  • t (true): yes
  • f (false): no

rolparentid

oid

OID of a group user to which the user belongs

roltabspace

text

Maximum size of a user data table

rolkind

"char"

Type of a user.

  • p: permanent user
  • n: common user

roltempspace

text

Maximum size of a user's temporary table, in KB.

rolspillspace

text

Maximum size of data that can be written to disks when a user executes a job, in KB.

rolexcpdata

text

Query rules that can be set by users (reserved)

rolmonitoradmin

boolean

Specifies whether the role has the monitor administrator permission.

  • t (true): yes
  • f (false): no

roloperatoradmin

boolean

Specifies whether the role has the O&M administrator permission.

  • t (true): yes
  • f (false): no

rolpolicyadmin

boolean

Specifies whether the role has the security policy administrator permission.

  • t (true): yes
  • f (false): no