PG_AUTHID
PG_AUTHID records information about database authentication identifiers (roles). The concept of users is contained in that of roles. A user is actually a role whose rolcanlogin has been set. Any role, whether its rolcanlogin is set or not, can use other roles as members.
For openGauss, only one PG_AUTHID exists, which is not available for every database. This system catalog is accessible only to system administrators.
Table 1 PG_AUTHID columns
Name | Type | Description |
|---|
oid | oid | Row identifier (hidden attribute, which must be specified) |
rolname | name | Name of a role |
rolsuper | boolean | Whether the role is the initial system administrator with the highest permission - t (true): yes
- f (false): no
|
rolinherit | boolean | Whether the role automatically inherits permissions of roles of which it is a member - t (true): automatically inherited
- f (false): not automatically inherited
|
rolcreaterole | boolean | Whether the role can create more roles - t (true): yes
- f (false): no
|
rolcreatedb | boolean | Whether the role can create databases - t (true): yes
- f (false): no
|
rolcatupdate | boolean | Whether the role can directly update system catalogs Only the initial system administrator whose usesysid is set to 10 has this permission. It is unavailable for other users. - t (true): yes
- f (false): no
|
rolcanlogin | boolean | Whether the role can log in (whether this role can be given as the initial session authorization identifier) - t (true): yes
- f (false): no
|
rolreplication | boolean | Whether the role has the replication permission - t (true): yes
- f (false): no
|
rolauditadmin | boolean | Whether the role has the audit administrator permission - t (true): yes
- f (false): no
|
rolsystemadmin | boolean | Whether the role has system administrator permissions - t (true): yes
- f (false): no
|
rolconnlimit | integer | Maximum number of concurrent connections that the role can make (valid for roles that can log in) The value –1 indicates there is no limit. |
rolpassword | text | Password (possibly encrypted); NULL if no password |
rolvalidbegin | timestamp with time zone | Account validity start time (NULL if no start time) |
rolvaliduntil | timestamp with time zone | Password expiry time (NULL if no expiration) |
rolrespool | name | Resource pool that a user can use |
roluseft | boolean | Whether the role can perform operations on foreign tables - t (true): yes
- f (false): no
|
rolparentid | oid | OID of a group user to which the user belongs |
roltabspace | text | Maximum size of a user data table |
rolkind | "char" | Special user types, including private users and common users |
rolnodegroup | oid | Unsupported currently |
roltempspace | text | Maximum size of a user's temporary table, in KB |
rolspillspace | text | Maximum size of data that can be written to disks when a user executes a job, in KB |
rolexcpdata | text | Query rules that can be set by users (reserved) |
rolmonitoradmin | boolean | Whether the role has monitor administrator permissions - t (true): yes
- f (false): no
|
roloperatoradmin | boolean | Whether the role has the O&M administrator permission - t (true): yes
- f (false): no
|
rolpolicyadmin | boolean | Whether the role has the security policy administrator permission - t (true): yes
- f (false): no
|
rolpasswordext | text | Password for other database encrypt rule if exists. If we created a B compatibility database, sha1(sha1(password)) will be stored here according to mysql_native_password strategy. NULL if password not exist |
openGauss 2025-10-31 07:42:18