]> begriffs open source - ai-pg/blob - full-docs/src/sgml/html/catalog-pg-authid.html
begriffs.com / projects / ai-pg / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
WIP: toc builder
[ai-pg] / full-docs / src / sgml / html / catalog-pg-authid.html
1 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>52.8. pg_authid</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="catalog-pg-attribute.html" title="52.7. pg_attribute" /><link rel="next" href="catalog-pg-auth-members.html" title="52.9. pg_auth_members" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">52.8. <code class="structname">pg_authid</code></th></tr><tr><td width="10%" align="left"><a accesskey="p" href="catalog-pg-attribute.html" title="52.7. pg_attribute">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="catalogs.html" title="Chapter 52. System Catalogs">Up</a></td><th width="60%" align="center">Chapter 52. System Catalogs</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 18.0 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="catalog-pg-auth-members.html" title="52.9. pg_auth_members">Next</a></td></tr></table><hr /></div><div class="sect1" id="CATALOG-PG-AUTHID"><div class="titlepage"><div><div><h2 class="title" style="clear: both">52.8. <code class="structname">pg_authid</code> <a href="#CATALOG-PG-AUTHID" class="id_link">#</a></h2></div></div></div><a id="id-1.10.4.10.2" class="indexterm"></a><p>
3    The catalog <code class="structname">pg_authid</code> contains information about
4    database authorization identifiers (roles).  A role subsumes the concepts
5    of <span class="quote">“<span class="quote">users</span>”</span> and <span class="quote">“<span class="quote">groups</span>”</span>.  A user is essentially just a
6    role with the <code class="structfield">rolcanlogin</code> flag set.  Any role (with or
7    without <code class="structfield">rolcanlogin</code>) can have other roles as members; see
8    <a class="link" href="catalog-pg-auth-members.html" title="52.9. pg_auth_members"><code class="structname">pg_auth_members</code></a>.
9   </p><p>
10    Since this catalog contains passwords, it must not be publicly readable.
11    <a class="link" href="view-pg-roles.html" title="53.21. pg_roles"><code class="structname">pg_roles</code></a>
12    is a publicly readable view on
13    <code class="structname">pg_authid</code> that blanks out the password field.
14   </p><p>
15    <a class="xref" href="user-manag.html" title="Chapter 21. Database Roles">Chapter 21</a> contains detailed information about user and
16    privilege management.
17   </p><p>
18    Because user identities are cluster-wide,
19    <code class="structname">pg_authid</code>
20    is shared across all databases of a cluster: there is only one
21    copy of <code class="structname">pg_authid</code> per cluster, not
22    one per database.
23   </p><div class="table" id="id-1.10.4.10.7"><p class="title"><strong>Table 52.8. <code class="structname">pg_authid</code> Columns</strong></p><div class="table-contents"><table class="table" summary="pg_authid Columns" border="1"><colgroup><col /></colgroup><thead><tr><th class="catalog_table_entry"><p class="column_definition">
24        Column Type
25       </p>
26       <p>
27        Description
28       </p></th></tr></thead><tbody><tr><td class="catalog_table_entry"><p class="column_definition">
29        <code class="structfield">oid</code> <code class="type">oid</code>
30       </p>
31       <p>
32        Row identifier
33       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
34        <code class="structfield">rolname</code> <code class="type">name</code>
35       </p>
36       <p>
37        Role name
38       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
39        <code class="structfield">rolsuper</code> <code class="type">bool</code>
40       </p>
41       <p>
42        Role has superuser privileges
43       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
44        <code class="structfield">rolinherit</code> <code class="type">bool</code>
45       </p>
46       <p>
47        Role automatically inherits privileges of roles it is a
48        member of
49       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
50        <code class="structfield">rolcreaterole</code> <code class="type">bool</code>
51       </p>
52       <p>
53        Role can create more roles
54       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
55        <code class="structfield">rolcreatedb</code> <code class="type">bool</code>
56       </p>
57       <p>
58        Role can create databases
59       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
60        <code class="structfield">rolcanlogin</code> <code class="type">bool</code>
61       </p>
62       <p>
63        Role can log in. That is, this role can be given as the initial
64        session authorization identifier.
65       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
66        <code class="structfield">rolreplication</code> <code class="type">bool</code>
67       </p>
68       <p>
69        Role is a replication role. A replication role can initiate replication
70        connections and create and drop replication slots.
71       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
72        <code class="structfield">rolbypassrls</code> <code class="type">bool</code>
73       </p>
74       <p>
75        Role bypasses every row-level security policy, see
76        <a class="xref" href="ddl-rowsecurity.html" title="5.9. Row Security Policies">Section 5.9</a> for more information.
77       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
78        <code class="structfield">rolconnlimit</code> <code class="type">int4</code>
79       </p>
80       <p>
81        For roles that can log in, this sets maximum number of concurrent
82        connections this role can make.  -1 means no limit.
83       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
84        <code class="structfield">rolpassword</code> <code class="type">text</code>
85       </p>
86       <p>
87        Encrypted password; null if none. The format depends
88        on the form of encryption used.
89       </p></td></tr><tr><td class="catalog_table_entry"><p class="column_definition">
90        <code class="structfield">rolvaliduntil</code> <code class="type">timestamptz</code>
91       </p>
92       <p>
93        Password expiry time (only used for password authentication);
94        null if no expiration
95       </p></td></tr></tbody></table></div></div><br class="table-break" /><p>
96    For an MD5 encrypted password, <code class="structfield">rolpassword</code>
97    column will begin with the string <code class="literal">md5</code> followed by a
98    32-character hexadecimal MD5 hash. The MD5 hash will be of the user's
99    password concatenated to their user name. For example, if user
100    <code class="literal">joe</code> has password <code class="literal">xyzzy</code>, <span class="productname">PostgreSQL</span>
101    will store the md5 hash of <code class="literal">xyzzyjoe</code>.
102   </p><div class="warning"><h3 class="title">Warning</h3><p>
103     Support for MD5-encrypted passwords is deprecated and will be removed in a
104     future release of <span class="productname">PostgreSQL</span>.  Refer to
105     <a class="xref" href="auth-password.html" title="20.5. Password Authentication">Section 20.5</a> for details about migrating to another
106     password type.
107    </p></div><p>
108    If the password is encrypted with SCRAM-SHA-256, it has the format:
109 </p><pre class="synopsis">
110 SCRAM-SHA-256$<em class="replaceable"><code>&lt;iteration count&gt;</code></em>:<em class="replaceable"><code>&lt;salt&gt;</code></em>$<em class="replaceable"><code>&lt;StoredKey&gt;</code></em>:<em class="replaceable"><code>&lt;ServerKey&gt;</code></em>
111 </pre><p>
112    where <em class="replaceable"><code>salt</code></em>, <em class="replaceable"><code>StoredKey</code></em> and
113    <em class="replaceable"><code>ServerKey</code></em> are in Base64 encoded format. This format is
114    the same as that specified by <a class="ulink" href="https://datatracker.ietf.org/doc/html/rfc5803" target="_top">RFC 5803</a>.
115   </p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="catalog-pg-attribute.html" title="52.7. pg_attribute">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="catalogs.html" title="Chapter 52. System Catalogs">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="catalog-pg-auth-members.html" title="52.9. pg_auth_members">Next</a></td></tr><tr><td width="40%" align="left" valign="top">52.7. <code class="structname">pg_attribute</code> </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 18.0 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 52.9. <code class="structname">pg_auth_members</code></td></tr></table></div></body></html>
full postgres docs in easy to read format with index