pg_authid contains information about database authorization identifiers (roles). A role subsumes the concepts of "users" and "groups". A user is essentially just a role with the
rolcanlogin flag set. Any role (with or without
rolcanlogin) can have other roles as members; see
Since this catalog contains passwords, it must not be publicly readable.
pg_roles is a publicly readable view on
pg_authid that blanks out the password field.
Chapter 20 contains detailed information about user and privilege management.
Because user identities are cluster-wide,
pg_authid is shared across all databases of a cluster: there is only one copy of
pg_authid per cluster, not one per database.
| || ||Row identifier (hidden attribute; must be explicitly selected)|
| || ||Role name|
| || ||Role has superuser privileges|
| || ||Role automatically inherits privileges of roles it is a member of|
| || ||Role can create more roles|
| || ||Role can create databases|
| || ||Role can log in. That is, this role can be given as the initial session authorization identifier|
| || ||Role is a replication role. That is, this role can initiate streaming replication (see Section 25.2.5) and set/unset the system backup mode using |
| || ||Role bypasses every row level security policy, see Section 5.7 for more information.|
| || ||For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit.|
| || ||Password (possibly encrypted); null if none. If the password is encrypted, this column will begin with the string |
| || ||Password expiry time (only used for password authentication); null if no expiration|
© 1996–2017 The PostgreSQL Global Development Group
Licensed under the PostgreSQL License.