# pg_roles

The view `pg_roles` provides access to information about database roles. This is simply a publicly readable view of `pg_authid` that blanks out the password field.

This view explicitly exposes the OID column of the underlying table, since that is needed to do joins to other catalogs.

Table 1. `pg_catalog.pg_roles`

| Name                 | Type          | References      | Description                                                                                                         |
|----------------------|---------------|-----------------|---------------------------------------------------------------------------------------------------------------------|
| `rolname`            | `name`        |                 | Role name                                                                                                           |
| `rolsuper`           | `bool`        |                 | Role has superuser privileges                                                                                       |
| `rolinherit`         | `bool`        |                 | Role automatically inherits privileges of roles it is a member of                                                   |
| `rolcreaterole`      | `bool`        |                 | Role may create more roles                                                                                          |
| `rolcreatedb`        | `bool`        |                 | Role may create databases                                                                                           |
| `rolcanlogin`        | `bool`        |                 | Role may log in. That is, this role can be given as the initial session authorization identifier                    |
| `rolreplication`     | `bool`        |                 | User can initiate streaming replication and put the system in and out of backup mode                                |
| `rolconnlimit`       | `int4`        |                 | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit |
| `rolpassword`        | `text`        |                 | Not the password (always reads as `********`)                                                                       |
| `rolvaliduntil`      | `timestamptz` |                 | Password expiry time (only used for password authentication); NULL if no expiration                                 |
| `rolbypassrls`       | `bool`        |                 | User bypasses every row-level security policy                                                                       |
| `rolconfig`          | `text[]`      |                 | Session defaults for run-time configuration variables                                                               |
| `rolresqueue`        | `oid`         |                 | resqueue oid of the user                                                                                            |
| `oid`                | `oid`         | `pg_authid.oid` | ID of role                                                                                                          |
| `rolcreaterextgpfd ` | `bool`        |                 | Privilege to create read external tables with the `gpfdist` or `gpfdists` protocol                                  |
| `rolcreaterexthttp ` | `bool`        |                 | Privilege to create read external tables with the `http` protocol                                                   |
| `rolcreatewextgpfd ` | `bool`        |                 | Privilege to create write external tables with the `gpfdist` or `gpfdists` protocol                                 |
| `rolresgroup ` | `oid`        |                 | Object ID of the associated resource group ID in pg_resgroup                                 |