PG_AUTHID

PG_AUTHID records information about database authentication identifiers (roles). The concept of users is contained in that of roles: a user is a role whose rolcanlogin is set. Any role, whether or not rolcanlogin is set, can have other roles as members.

There is only one copy of pg_authid per cluster, not one per database. It is accessible only to users with system administrator rights.

Table 1 PG_AUTHID columns

| Column | Type | Description |
|---|---|---|
| oid | oid | Row identifier (hidden attribute; must be explicitly selected) |
| rolname | name | Role name |
| rolsuper | boolean | Whether the role is the initial system administrator with the highest permission |
| rolinherit | boolean | Whether the role automatically inherits permissions of roles it is a member of |
| rolcreaterole | boolean | Whether the role can create more roles |
| rolcreatedb | boolean | Whether the role can create databases |
| rolcatupdate | boolean | Whether the role can directly update system catalogs. Only the initial system administrator whose usesysid is 10 has this permission. It is not available for other users. |
| rolcanlogin | boolean | Whether the role can log in, that is, whether the role can be given as the initial session authorization identifier |
| rolreplication | boolean | Indicates that the role is a replicated one (an adaptation syntax and no actual meaning) |
| rolauditadmin | boolean | Indicates that the role is an audit user |
| rolsystemadmin | boolean | Indicates that the role is an administrator |
| rolconnlimit | integer | For roles that can log in, the maximum number of concurrent connections the role can make. -1 means no limit. |
| rolpassword | text | Password (possibly encrypted); NULL if no password |
| rolvalidbegin | timestamp with time zone | Account validity start time; NULL if no start time |
| rolvaliduntil | timestamp with time zone | Password expiry time; NULL if no expiration |
| rolrespool | name | Resource pool that a user can use |
| roluseft | boolean | Whether the role can perform operations on foreign tables |
| rolparentid | oid | OID of a group user to which the user belongs |
| roltabspace | text | Storage space of the user permanent table |
| rolkind | char | Special type of user, including private users, logical cluster administrators, and common users |
| rolnodegroup | oid | OID of a node group associated with a user. The node group must be a logical cluster. |
| roltempspace | text | Storage space of the user temporary table |
| rolspillspace | text | Operator disk spill space of the user |
| rolexcpdata | text | Reserved column |
| rolauthinfo | text | Additional information when LDAP authentication is used. If other authentication modes are used, the value is NULL. |
| rolpwdexpire | integer | Password expiration time. Users can change their password before it expires. After the password expires, only the administrator can change the password. The value -1 indicates that the password never expires. |
| rolpwdtime | timestamp with time zone | Time when a password is created |
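
The following query is an added example, not part of the original reference. It shows one way to use the columns above for a periodic review of roles that hold administrative flags or that can log in without password expiry, a validity end time, or a connection limit. The `finding_*` column aliases and the choice of what counts as a finding are assumptions made for this example.

```sql
-- Added audit example (not from the original page).
-- Run as a user with system administrator rights, since only such users
-- can read pg_authid.
-- rolpassword is tested for NULL but never selected, so stored password
-- values do not end up in result sets, logs or tickets.
SELECT
    rolname,
    rolcanlogin,
    rolinherit,
    -- Administrative flags described in Table 1
    rolsuper,
    rolsystemadmin,
    rolauditadmin,
    rolcreaterole,
    rolcreatedb,
    -- Account hygiene for roles that can log in
    (rolcanlogin AND rolpassword IS NULL)   AS finding_no_password,
    (rolauthinfo IS NOT NULL)               AS uses_ldap_info,
    (rolcanlogin AND rolpwdexpire = -1)     AS finding_pwd_never_expires,
    (rolcanlogin AND rolvaliduntil IS NULL) AS finding_no_valid_until,
    (rolcanlogin AND rolconnlimit = -1)     AS finding_no_conn_limit,
    rolpwdtime,
    rolvalidbegin,
    rolvaliduntil
FROM pg_authid
WHERE
    -- Any role holding an administrative flag. Roles that cannot log in
    -- are included because other roles can be their members.
    rolsuper
    OR rolsystemadmin
    OR rolauditadmin
    OR rolcreaterole
    OR rolcreatedb
    -- Login roles with no expiry, no validity end or no connection limit
    OR (rolcanlogin AND (
            rolpassword IS NULL
         OR rolpwdexpire = -1
         OR rolvaliduntil IS NULL
         OR rolconnlimit = -1))
ORDER BY
    rolsuper DESC,
    rolsystemadmin DESC,
    rolname;
```

Read `finding_no_password` together with `uses_ldap_info`: a role whose rolauthinfo is set authenticates through LDAP, so a NULL rolpassword on such a role is not by itself a finding.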