PG_AUTHID¶
PG_AUTHID records information about the database authentication identifiers (roles). The concept of users is contained in that of roles. A user is actually a role whose rolcanlogin has been set. Any role, whether the rolcanlogin is set or not, can use other roles as members.
For a cluster, only one pg_authid exists which is not available for every database. It is accessible only to users with system administrator rights.
Column | Type | Description |
---|---|---|
oid | oid | Row identifier (hidden attribute; must be explicitly selected) |
rolname | name | Role name |
rolsuper | boolean | Whether the role is the initial system administrator with the highest permission |
rolinherit | boolean | Whether the role automatically inherits permissions of roles it is a member of |
rolcreaterole | boolean | Whether the role can create more roles |
rolcreatedb | boolean | Whether the role can create databases |
rolcatupdate | boolean | Whether the role can directly update system catalogs. Only the initial system administrator whose usesysid is 10 has this permission. It is not available for other users. |
rolcanlogin | boolean | Whether a role can log in, that is, whether a role can be given as the initial session authorization identifier. |
rolreplication | boolean | Indicates that the role is a replicated one (an adaptation syntax and no actual meaning). |
rolauditadmin | boolean | Indicates that the role is an audit user. |
rolsystemadmin | boolean | Indicates that the role is an administrator. |
rolconnlimit | integer | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit. |
rolpassword | text | Password (possibly encrypted); NULL if no password. |
rolvalidbegin | timestamp with time zone | Account validity start time; NULL if no start time |
rolvaliduntil | timestamp with time zone | Password expiry time; NULL if no expiration |
rolrespool | name | Resource pool that a user can use |
roluseft | boolean | Whether the role can perform operations on foreign tables |
rolparentid | oid | OID of a group user to which the user belongs |
roltabspace | Text | Storage space of the user permanent table |
rolkind | char | Special type of user, including private users, logical cluster administrators, and common users. |
rolnodegroup | oid | OID of a node group associated with a user. The node group must be a logical cluster. |
roltempspace | Text | Storage space of the user temporary table |
rolspillspace | Text | Operator disk spill space of the user |
rolexcpdata | text | Reserved column |
rolauthinfo | text | Additional information when LDAP authentication is used. If other authentication modes are used, the value is NULL. |
rolpwdexpire | integer | Password expiration time. Users can change their password before it expires. After the password expires, only the administrator can change the password. The value -1 indicates that the password never expires. |
rolpwdtime | timestamp with time zone | Time when a password is created |