diff options
Diffstat (limited to 'doc/src/sgml/html/database-roles.html')
-rw-r--r-- | doc/src/sgml/html/database-roles.html | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/doc/src/sgml/html/database-roles.html b/doc/src/sgml/html/database-roles.html new file mode 100644 index 0000000..d674817 --- /dev/null +++ b/doc/src/sgml/html/database-roles.html @@ -0,0 +1,70 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>21.1. Database Roles</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="user-manag.html" title="Chapter 21. Database Roles" /><link rel="next" href="role-attributes.html" title="21.2. Role Attributes" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">21.1. Database Roles</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="user-manag.html" title="Chapter 21. Database Roles">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><th width="60%" align="center">Chapter 21. Database Roles</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="role-attributes.html" title="21.2. Role Attributes">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="DATABASE-ROLES"><div class="titlepage"><div><div><h2 class="title" style="clear: both">21.1. Database Roles</h2></div></div></div><a id="id-1.6.8.5.2" class="indexterm"></a><a id="id-1.6.8.5.3" class="indexterm"></a><a id="id-1.6.8.5.4" class="indexterm"></a><a id="id-1.6.8.5.5" class="indexterm"></a><p> + Database roles are conceptually completely separate from + operating system users. In practice it might be convenient to + maintain a correspondence, but this is not required. Database roles + are global across a database cluster installation (and not + per individual database). To create a role use the <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a> SQL command: +</p><pre class="synopsis"> +CREATE ROLE <em class="replaceable"><code>name</code></em>; +</pre><p> + <em class="replaceable"><code>name</code></em> follows the rules for SQL + identifiers: either unadorned without special characters, or + double-quoted. (In practice, you will usually want to add additional + options, such as <code class="literal">LOGIN</code>, to the command. More details appear + below.) To remove an existing role, use the analogous + <a class="xref" href="sql-droprole.html" title="DROP ROLE"><span class="refentrytitle">DROP ROLE</span></a> command: +</p><pre class="synopsis"> +DROP ROLE <em class="replaceable"><code>name</code></em>; +</pre><p> + </p><a id="id-1.6.8.5.7" class="indexterm"></a><a id="id-1.6.8.5.8" class="indexterm"></a><p> + For convenience, the programs <a class="xref" href="app-createuser.html" title="createuser"><span class="refentrytitle"><span class="application">createuser</span></span></a> + and <a class="xref" href="app-dropuser.html" title="dropuser"><span class="refentrytitle"><span class="application">dropuser</span></span></a> are provided as wrappers + around these SQL commands that can be called from the shell command + line: +</p><pre class="synopsis"> +createuser <em class="replaceable"><code>name</code></em> +dropuser <em class="replaceable"><code>name</code></em> +</pre><p> + </p><p> + To determine the set of existing roles, examine the <code class="structname">pg_roles</code> + system catalog, for example +</p><pre class="synopsis"> +SELECT rolname FROM pg_roles; +</pre><p> + The <a class="xref" href="app-psql.html" title="psql"><span class="refentrytitle"><span class="application">psql</span></span></a> program's <code class="literal">\du</code> meta-command + is also useful for listing the existing roles. + </p><p> + In order to bootstrap the database system, a freshly initialized + system always contains one predefined role. This role is always + a <span class="quote">“<span class="quote">superuser</span>”</span>, and by default (unless altered when running + <code class="command">initdb</code>) it will have the same name as the + operating system user that initialized the database + cluster. Customarily, this role will be named + <code class="literal">postgres</code>. In order to create more roles you + first have to connect as this initial role. + </p><p> + Every connection to the database server is made using the name of some + particular role, and this role determines the initial access privileges for + commands issued in that connection. + The role name to use for a particular database + connection is indicated by the client that is initiating the + connection request in an application-specific fashion. For example, + the <code class="command">psql</code> program uses the + <code class="option">-U</code> command line option to indicate the role to + connect as. Many applications assume the name of the current + operating system user by default (including + <code class="command">createuser</code> and <code class="command">psql</code>). Therefore it + is often convenient to maintain a naming correspondence between + roles and operating system users. + </p><p> + The set of database roles a given client connection can connect as + is determined by the client authentication setup, as explained in + <a class="xref" href="client-authentication.html" title="Chapter 20. Client Authentication">Chapter 20</a>. (Thus, a client is not + limited to connect as the role matching + its operating system user, just as a person's login name + need not match his or her real name.) Since the role + identity determines the set of privileges available to a connected + client, it is important to carefully configure privileges when setting up + a multiuser environment. + </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="user-manag.html" title="Chapter 21. Database Roles">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="role-attributes.html" title="21.2. Role Attributes">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 21. Database Roles </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 21.2. Role Attributes</td></tr></table></div></body></html>
\ No newline at end of file |