A newer version of this documentation is available. Click here to view the most up-to-date release of the Greenplum 4.x documentation.
The pg_authid table contains information about database authorization identifiers (roles). A role subsumes the concepts of users and groups. A user is a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) may have other roles as members. See pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.
Because user identities are system-wide, pg_authid is shared across all databases in a Greenplum Database system: there is only one copy of pg_authid per system, not one per database.
|rolsuper||boolean||Role has superuser privileges|
|rolinherit||boolean||Role automatically inherits privileges of roles it is a member of|
|rolcreaterole||boolean||Role may create more roles|
|rolcreatedb||boolean||Role may create databases|
|rolcatupdate||boolean||Role may update system catalogs directly. (Even a superuser may not do this unless this column is true)|
|rolcanlogin||boolean||Role may log in. That is, this role can be given as the initial session authorization identifier|
|rolconnlimit||int4||For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit|
|rolpassword||text||Password (possibly encrypted); NULL if none|
|rolvaliduntil||timestamptz||Password expiry time (only used for password authentication); NULL if no expiration|
|rolconfig||text||Session defaults for server configuration parameters|