diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:19:15 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:19:15 +0000 |
commit | 6eb9c5a5657d1fe77b55cc261450f3538d35a94d (patch) | |
tree | 657d8194422a5daccecfd42d654b8a245ef7b4c8 /doc/src/sgml/html/catalog-pg-authid.html | |
parent | Initial commit. (diff) | |
download | postgresql-13-upstream.tar.xz postgresql-13-upstream.zip |
Adding upstream version 13.4.upstream/13.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/catalog-pg-authid.html')
-rw-r--r-- | doc/src/sgml/html/catalog-pg-authid.html | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/doc/src/sgml/html/catalog-pg-authid.html b/doc/src/sgml/html/catalog-pg-authid.html new file mode 100644 index 0000000..3a334a2 --- /dev/null +++ b/doc/src/sgml/html/catalog-pg-authid.html @@ -0,0 +1,113 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>51.8. pg_authid</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="catalog-pg-attribute.html" title="51.7. pg_attribute" /><link rel="next" href="catalog-pg-auth-members.html" title="51.9. pg_auth_members" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">51.8. <code xmlns="http://www.w3.org/1999/xhtml" class="structname">pg_authid</code></th></tr><tr><td width="10%" align="left"><a accesskey="p" href="catalog-pg-attribute.html" title="51.7. pg_attribute">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="catalogs.html" title="Chapter 51. System Catalogs">Up</a></td><th width="60%" align="center">Chapter 51. System Catalogs</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="catalog-pg-auth-members.html" title="51.9. pg_auth_members">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="CATALOG-PG-AUTHID"><div class="titlepage"><div><div><h2 class="title" style="clear: both">51.8. <code class="structname">pg_authid</code></h2></div></div></div><a id="id-1.10.4.10.2" class="indexterm"></a><p> + The catalog <code class="structname">pg_authid</code> contains information about + database authorization identifiers (roles). A role subsumes the concepts + of <span class="quote">“<span class="quote">users</span>”</span> and <span class="quote">“<span class="quote">groups</span>”</span>. A user is essentially just a + role with the <code class="structfield">rolcanlogin</code> flag set. Any role (with or + without <code class="structfield">rolcanlogin</code>) can have other roles as members; see + <a class="link" href="catalog-pg-auth-members.html" title="51.9. pg_auth_members"><code class="structname">pg_auth_members</code></a>. + </p><p> + Since this catalog contains passwords, it must not be publicly readable. + <a class="link" href="view-pg-roles.html" title="51.81. pg_roles"><code class="structname">pg_roles</code></a> + is a publicly readable view on + <code class="structname">pg_authid</code> that blanks out the password field. + </p><p> + <a class="xref" href="user-manag.html" title="Chapter 21. Database Roles">Chapter 21</a> contains detailed information about user and + privilege management. + </p><p> + Because user identities are cluster-wide, + <code class="structname">pg_authid</code> + is shared across all databases of a cluster: there is only one + copy of <code class="structname">pg_authid</code> per cluster, not + one per database. + </p><div class="table" id="id-1.10.4.10.7"><p class="title"><strong>Table 51.8. <code class="structname">pg_authid</code> Columns</strong></p><div class="table-contents"><table class="table" summary="pg_authid Columns" border="1"><colgroup><col /></colgroup><thead><tr><th class="catalog_table_entry"><p class="column_definition"> + Column Type + </p> + <p> + Description + </p></th></tr></thead><tbody><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">oid</code> <code class="type">oid</code> + </p> + <p> + Row identifier + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolname</code> <code class="type">name</code> + </p> + <p> + Role name + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolsuper</code> <code class="type">bool</code> + </p> + <p> + Role has superuser privileges + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolinherit</code> <code class="type">bool</code> + </p> + <p> + Role automatically inherits privileges of roles it is a + member of + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolcreaterole</code> <code class="type">bool</code> + </p> + <p> + Role can create more roles + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolcreatedb</code> <code class="type">bool</code> + </p> + <p> + Role can create databases + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolcanlogin</code> <code class="type">bool</code> + </p> + <p> + Role can log in. That is, this role can be given as the initial + session authorization identifier. + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolreplication</code> <code class="type">bool</code> + </p> + <p> + Role is a replication role. A replication role can initiate replication + connections and create and drop replication slots. + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolbypassrls</code> <code class="type">bool</code> + </p> + <p> + Role bypasses every row level security policy, see + <a class="xref" href="ddl-rowsecurity.html" title="5.8. Row Security Policies">Section 5.8</a> for more information. + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolconnlimit</code> <code class="type">int4</code> + </p> + <p> + For roles that can log in, this sets maximum number of concurrent + connections this role can make. -1 means no limit. + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolpassword</code> <code class="type">text</code> + </p> + <p> + Password (possibly encrypted); null if none. The format depends + on the form of encryption used. + </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition"> + <code class="structfield">rolvaliduntil</code> <code class="type">timestamptz</code> + </p> + <p> + Password expiry time (only used for password authentication); + null if no expiration + </p></td></tr></tbody></table></div></div><br class="table-break" /><p> + For an MD5 encrypted password, <code class="structfield">rolpassword</code> + column will begin with the string <code class="literal">md5</code> followed by a + 32-character hexadecimal MD5 hash. The MD5 hash will be of the user's + password concatenated to their user name. For example, if user + <code class="literal">joe</code> has password <code class="literal">xyzzy</code>, <span class="productname">PostgreSQL</span> + will store the md5 hash of <code class="literal">xyzzyjoe</code>. + </p><p> + If the password is encrypted with SCRAM-SHA-256, it has the format: +</p><pre class="synopsis"> +SCRAM-SHA-256$<em class="replaceable"><code><iteration count></code></em>:<em class="replaceable"><code><salt></code></em>$<em class="replaceable"><code><StoredKey></code></em>:<em class="replaceable"><code><ServerKey></code></em> +</pre><p> + where <em class="replaceable"><code>salt</code></em>, <em class="replaceable"><code>StoredKey</code></em> and + <em class="replaceable"><code>ServerKey</code></em> are in Base64 encoded format. This format is + the same as that specified by RFC 5803. + </p><p> + A password that does not follow either of those formats is assumed to be + unencrypted. + </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="catalog-pg-attribute.html" title="51.7. pg_attribute">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="catalogs.html" title="Chapter 51. System Catalogs">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="catalog-pg-auth-members.html" title="51.9. pg_auth_members">Next</a></td></tr><tr><td width="40%" align="left" valign="top">51.7. <code xmlns="http://www.w3.org/1999/xhtml" class="structname">pg_attribute</code> </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 51.9. <code xmlns="http://www.w3.org/1999/xhtml" class="structname">pg_auth_members</code></td></tr></table></div></body></html>
\ No newline at end of file |