Open search page
Hello, I’m DocuDroid!
Open Ask AI page
Submitting feedback
Thank you for rating our AI Search!
We would be grateful if you could share your thoughts so we can improve our AI Search for you and other readers.
GitHub

pg_authid

The pg_authid table contains information about database authorization identifiers (roles). A role subsumes the concepts of users and groups. A user is a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) may have other roles as members. See pg_auth_members.

Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.

Because user identities are system-wide, pg_authid is shared across all databases in a Greengage DB system: there is only one copy of pg_authid per system, not one per database.

Column Type Description

oid

oid

Row identifier (hidden attribute; must be explicitly selected)

rolname

name

Role name

rolsuper

boolean

Whether the role has superuser privileges

rolinherit

boolean

Whether the role automatically inherits privileges of roles it is a member of

rolcreaterole

boolean

Whether the role may create more roles

rolcreatedb

boolean

Whether the role may create databases

rolcatupdate

boolean

Whether the role may update system catalogs directly. Even a superuser may not do this unless this column is true

rolcanlogin

boolean

Whether the role may log in. That is, this role can be given as the initial session authorization identifier

rolreplication

boolean

Role is a replication role. That is, this role can initiate streaming replication and set/unset the system backup mode using pg_start_backup() and pg_stop_backup()

rolconnlimit

integer

For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit

rolpassword

text

Password (possibly encrypted); NULL if none. The format depends on the form of encryption used. See the note below

rolvaliduntil

timestamptz

Password expiry time (only used for password authentication); NULL if no expiration

rolresqueue

oid

Object ID of the associated resource queue ID in pg_resqueue

rolcreaterextgpfd

boolean

Whether the role may create readable external tables that use the GPFDIST protocol

rolcreaterexhttp

boolean

Whether the role may create readable external tables that use the HTTP protocol

rolcreatewextgpfd

boolean

Whether the role may create writable external tables that use the GPFDIST protocol

rolresgroup

oid

Object ID of the associated resource group ID in pg_resgroup

Note the following:

  • For an MD5-encrypted password, the rolpassword column will begin with the string md5 followed by a 32-character hexadecimal MD5 hash. The MD5 hash will be of the user’s password concatenated to their user name. For example, if user joe has password xyzzy Greengage DB will store the md5 hash of xyzzyjoe.

  • If the password is encrypted with SCRAM-SHA-256, the rolpassword column has the format:

    SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>

    where <salt>, <StoredKey>, and <ServerKey> are in Base64-encoded format. This format is the same as that specified by RFC 5803.

  • If the password is encrypted with SHA-256, the rolpassword column is a 64-byte hexadecimal string prefixed with the characters sha256.

A password that does not follow any of these formats is assumed to be unencrypted.

Previous
pg_auth_members
Next
pg_cast