summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/database-roles.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/sgml/html/database-roles.html')
-rw-r--r--doc/src/sgml/html/database-roles.html70
1 files changed, 70 insertions, 0 deletions
diff --git a/doc/src/sgml/html/database-roles.html b/doc/src/sgml/html/database-roles.html
new file mode 100644
index 0000000..d674817
--- /dev/null
+++ b/doc/src/sgml/html/database-roles.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>21.1. Database Roles</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="user-manag.html" title="Chapter 21. Database Roles" /><link rel="next" href="role-attributes.html" title="21.2. Role Attributes" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">21.1. Database Roles</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="user-manag.html" title="Chapter 21. Database Roles">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><th width="60%" align="center">Chapter 21. Database Roles</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="role-attributes.html" title="21.2. Role Attributes">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="DATABASE-ROLES"><div class="titlepage"><div><div><h2 class="title" style="clear: both">21.1. Database Roles</h2></div></div></div><a id="id-1.6.8.5.2" class="indexterm"></a><a id="id-1.6.8.5.3" class="indexterm"></a><a id="id-1.6.8.5.4" class="indexterm"></a><a id="id-1.6.8.5.5" class="indexterm"></a><p>
+ Database roles are conceptually completely separate from
+ operating system users. In practice it might be convenient to
+ maintain a correspondence, but this is not required. Database roles
+ are global across a database cluster installation (and not
+ per individual database). To create a role use the <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a> SQL command:
+</p><pre class="synopsis">
+CREATE ROLE <em class="replaceable"><code>name</code></em>;
+</pre><p>
+ <em class="replaceable"><code>name</code></em> follows the rules for SQL
+ identifiers: either unadorned without special characters, or
+ double-quoted. (In practice, you will usually want to add additional
+ options, such as <code class="literal">LOGIN</code>, to the command. More details appear
+ below.) To remove an existing role, use the analogous
+ <a class="xref" href="sql-droprole.html" title="DROP ROLE"><span class="refentrytitle">DROP ROLE</span></a> command:
+</p><pre class="synopsis">
+DROP ROLE <em class="replaceable"><code>name</code></em>;
+</pre><p>
+ </p><a id="id-1.6.8.5.7" class="indexterm"></a><a id="id-1.6.8.5.8" class="indexterm"></a><p>
+ For convenience, the programs <a class="xref" href="app-createuser.html" title="createuser"><span class="refentrytitle"><span class="application">createuser</span></span></a>
+ and <a class="xref" href="app-dropuser.html" title="dropuser"><span class="refentrytitle"><span class="application">dropuser</span></span></a> are provided as wrappers
+ around these SQL commands that can be called from the shell command
+ line:
+</p><pre class="synopsis">
+createuser <em class="replaceable"><code>name</code></em>
+dropuser <em class="replaceable"><code>name</code></em>
+</pre><p>
+ </p><p>
+ To determine the set of existing roles, examine the <code class="structname">pg_roles</code>
+ system catalog, for example
+</p><pre class="synopsis">
+SELECT rolname FROM pg_roles;
+</pre><p>
+ The <a class="xref" href="app-psql.html" title="psql"><span class="refentrytitle"><span class="application">psql</span></span></a> program's <code class="literal">\du</code> meta-command
+ is also useful for listing the existing roles.
+ </p><p>
+ In order to bootstrap the database system, a freshly initialized
+ system always contains one predefined role. This role is always
+ a <span class="quote">“<span class="quote">superuser</span>”</span>, and by default (unless altered when running
+ <code class="command">initdb</code>) it will have the same name as the
+ operating system user that initialized the database
+ cluster. Customarily, this role will be named
+ <code class="literal">postgres</code>. In order to create more roles you
+ first have to connect as this initial role.
+ </p><p>
+ Every connection to the database server is made using the name of some
+ particular role, and this role determines the initial access privileges for
+ commands issued in that connection.
+ The role name to use for a particular database
+ connection is indicated by the client that is initiating the
+ connection request in an application-specific fashion. For example,
+ the <code class="command">psql</code> program uses the
+ <code class="option">-U</code> command line option to indicate the role to
+ connect as. Many applications assume the name of the current
+ operating system user by default (including
+ <code class="command">createuser</code> and <code class="command">psql</code>). Therefore it
+ is often convenient to maintain a naming correspondence between
+ roles and operating system users.
+ </p><p>
+ The set of database roles a given client connection can connect as
+ is determined by the client authentication setup, as explained in
+ <a class="xref" href="client-authentication.html" title="Chapter 20. Client Authentication">Chapter 20</a>. (Thus, a client is not
+ limited to connect as the role matching
+ its operating system user, just as a person's login name
+ need not match his or her real name.) Since the role
+ identity determines the set of privileges available to a connected
+ client, it is important to carefully configure privileges when setting up
+ a multiuser environment.
+ </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="user-manag.html" title="Chapter 21. Database Roles">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="role-attributes.html" title="21.2. Role Attributes">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 21. Database Roles </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 21.2. Role Attributes</td></tr></table></div></body></html> \ No newline at end of file