Reference: Roles

CREATE ROLE

Create role allows adding new database roles. A role in SQL is an abstraction over users (which can log in) and groups (which bundle permissions).

Usage example:

-- Create a new user
create role dbuser login with password '1234';
-- Create user implies a "login" role
create user admin with createdb createrole password 'admin';

Options

The create role statement can be used with multiple of the following options. Direct options can be specified for both create and alter role:

superuser, nosuperuser
createdb, nocreatedb
createrole, nocreaterole
inherit, noinherit
login, nologin
replication, noreplication
connection limit connlimit (currently not enforced)
password ‘password’, password null

When creating a new role, you can additionally specify the hierarchy of its group memberships:

in role role_name, …
role role_name, …
admin role_name, …

Permissions

To create a role, you need to have superuser or createrole permissions.

ALTER ROLE

Alter role allows modifying a database role. A role in SQL is an abstraction over users (which can log in) and groups (which bundle permissions).

For example, you can give a role elevated privileges:

alter role admin with superuser;

For a full list of permissions, see the CREATE ROLE section above.

Permissions

Users are only allowed to change their own password without special permissions:

alter user current_user password '1234';

For all other role modifications, the user executing the alter either needs to be a superuser or have the createrole permission.

Databases Functions