Skip to main content
Documents
Basic SyntaxMath FunctionsDate FunctionsJSON FunctionsDatabasesTables & Schema ManagementString FunctionsTriggersIndexes

PostgreSQL CREATE ROLE

PostgreSQL is an advanced, open-source relational database management system that supports complex queries and large-scale data operations. It is widely used for managing data in web and application servers, due to its reliability and scalability.

Usage

PostgreSQL allows you to create roles, which are entities that can own database objects and have database privileges. Roles can be used for authentication purposes, permission management, and defining user access levels. In PostgreSQL, a role can function as a user or as a group of users.


CREATE ROLE role_name
[WITH option [option ...]];

In this syntax, role_name is the name of the role you wish to create, and option specifies the attributes and privileges assigned to this role, such as LOGIN, SUPERUSER, CREATEDB, or CREATEROLE. Note that the PASSWORD option requires the LOGIN privilege to be effective.

Examples

1. Basic Role Creation


CREATE ROLE readonly_user;

This example creates a basic role named readonly_user with no additional privileges. It cannot log in or perform any actions until further attributes are assigned.

2. Role with Login Privilege


CREATE ROLE editor_user WITH LOGIN PASSWORD 'securepassword';

Here, a role named editor_user is created with login capability and a specified password, allowing it to authenticate and connect to the database.

3. Role with Multiple Privileges


CREATE ROLE admin_user WITH LOGIN SUPERUSER CREATEDB CREATEROLE PASSWORD 'adminpassword';

In this example, admin_user is granted several privileges, including SUPERUSER (full control over the database), CREATEDB (ability to create databases), and CREATEROLE (ability to create, alter, and drop other roles).

Tips and Best Practices

  • Grant only necessary privileges. Avoid assigning more privileges than required to minimize security risks.
  • Use descriptive role names. Clearly named roles help identify their purpose and associated privileges.
  • Regularly review role privileges. Periodically update roles to ensure alignment with current security and operational policies.
  • Secure passwords. Always use strong, complex passwords, especially for roles with login capabilities.
  • Consider role inheritance. Use role inheritance to manage complex permission structures by granting roles to other roles.

Additional Information

  • To modify an existing role, use the ALTER ROLE command. For example: 
    
    ALTER ROLE role_name WITH NEW_OPTION;
  • To remove a role, use the DROP ROLE command: 
    
    DROP ROLE role_name;
  • Roles can be granted to other roles, allowing for role inheritance, which can simplify permission management in larger systems.

Roles can also be associated with schemas and used in multi-tenant database environments. This allows for effective separation and management of access control within shared databases.