Learn with Yasir

Share Your Feedback

CREATE ROLE in PostgreSQL | User Management & Permissions Guide


Learn how to create roles and users in PostgreSQL with login privileges, passwords, and permission management. Includes practical examples and CREATE ROLE syntax.

In PostgreSQL, a role is a central concept for managing users and permissions.

πŸ”Ή What is a Role?

A role is an entity that can:

  • Own database objects (tables, views, etc.)
  • Have permissions (SELECT, INSERT, etc.)
  • Login into the database (if allowed)

πŸ‘‰ In simple words: Role = User + Permissions system

πŸ”Ή Types of Roles

There are mainly two types:

1. Login Role (User)

  • Can log in to the database
  • Example: student1, admin

2. Group Role

  • Cannot log in
  • Used to assign permissions to multiple users

πŸ”Ή Why We Use Roles?

Roles are used for security and management:

βœ… 1. Access Control

  • Restrict who can access data

βœ… 2. Permission Management

  • Assign permissions once to a role, then assign role to many users

βœ… 3. Better Organization

  • Separate admin, teacher, student roles

βœ… 4. Data Security

  • Prevent unauthorized changes

πŸ”Ή Syntax: Create Role

Basic Syntax:

CREATE ROLE role_name;

πŸ”Ή Create Role with Login (User)

CREATE ROLE student1
WITH LOGIN
PASSWORD '1234';

πŸ”Ή Create Role with Common Options

CREATE ROLE teacher
WITH 
LOGIN
PASSWORD 'securepass'
CREATEDB
CREATEROLE;

πŸ”Ή Important Options

Option Meaning
LOGIN Can log in (makes it a user)
PASSWORD Set password
CREATEDB Can create databases
CREATEROLE Can create roles
SUPERUSER Full access (admin)
NOSUPERUSER Normal user

πŸ”Ή Example

CREATE ROLE admin_user
WITH LOGIN
PASSWORD 'admin123'
SUPERUSER;

πŸ”Ή Grant Role to Another User

GRANT teacher TO student1;

πŸ§ͺ Lab: Understanding Roles using dvdrental Database

🎯 Learning Outcomes

Students will:

  • Understand what a role is
  • Create roles with different privileges
  • View and analyze roles
  • Change database ownership
  • Understand ownership vs permissions

πŸ”Ή Step 1: Create a New Role (User)

Before assigning ownership, the role must exist.

CREATE ROLE senior_admin 
WITH LOGIN 
PASSWORD 'secure_pass123';

🧠 Concept:

  • LOGIN β†’ makes it a user
  • Without LOGIN β†’ it is just a group role

πŸ‘‰ Key Idea: In PostgreSQL, there is no separate β€œuser” concept β€” everything is a role

πŸ”Ή Step 2: View All Roles

SELECT rolname FROM pg_roles;

βœ”οΈ This retrieves all roles in the server.

πŸ” Understanding pg_roles

  • It is a system catalog view

  • Stores:

    • Users
    • Groups
    • Privileges
    • Role attributes

πŸ“Š Better Query (Detailed View)

SELECT 
    rolname, 
    rolsuper, 
    rolcreaterole, 
    rolcreatedb, 
    rolcanlogin
FROM pg_roles;

🧠 Column Understanding:

Column Meaning
rolname Role name
rolsuper Superuser or not
rolcreaterole Can create roles
rolcreatedb Can create DB
rolcanlogin Can login

🎯 Filter Only Users

SELECT rolname
FROM pg_roles
WHERE rolcanlogin = true;

πŸ–₯️ Alternative (psql)

\du

πŸ”Ή Step 3: Assign Ownership of dvdrental

ALTER DATABASE dvdrental OWNER TO senior_admin;

🧠 Concept: Ownership

Ownership is very powerful:

  • Owner can:

    • Drop database
    • Rename database
    • Grant permissions

πŸ‘‰ Ownership β‰  Normal permissions

❗ Database Ownership vs Table Ownership

After running:

ALTER DATABASE dvdrental OWNER TO senior_admin;

βœ”οΈ Only the database owner changes

❌ Tables like:

  • film
  • actor
  • customer

πŸ‘‰ DO NOT change owner automatically

πŸ”Ή Step 4: Verify Ownership

In terminal:

\l

Expected Output:

Database Owner
dvdrental senior_admin

⚠️ Permissions Requirement

Only:

  • Superuser
  • OR current database owner

πŸ‘‰ can run ALTER DATABASE

Otherwise: ❌ permission denied