pg_authid

The pg_authid table contains information about database authorization identifiers (roles). A role subsumes the concepts of users and groups. A user is a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) may have other roles as members. See pg_auth_members.

Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.

Because user identities are system-wide, pg_authid is shared across all databases in a OushuDB system: there is only one copy of pg_authid per system, not one per database.

Table 1. pg_catalog.pg_authid

column	type	references	description
rolname	name		Role name
rolsuper	boolean		Role has superuser privileges
rolinherit	boolean		Role automatically inherits privileges of roles it is a member of
rolcreaterole	boolean		Role may create more roles
rolcreatedb	boolean		Role may create databases
rolcatupdate	boolean		Role may update system catalogs directly. (Even a superuser may not do this unless this column is true)
rolcanlogin	boolean		Role may log in. That is, this role can be given as the initial session authorization identifier
rolconnlimit	int4		For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit
rolpassword	text		Password (possibly encrypted); NULL if none
rolvaliduntil	timestamptz		Password expiry time (only used for password authentication); NULL if no expiration
rolconfig	text[]		Session defaults for server configuration parameters
relresqueue	oid		Object ID of the associated resource queue ID in pg_resqueue
rolcreaterextgpfd	boolean		Privilege to create read external tables with the gpfdist or gpfdists protocol
rolcreaterexhttp	boolean		Privilege to create read external tables with the http protocol
rolcreatewextgpfd	boolean		Privilege to create write external tables with the gpfdist or gpfdists protocol
rolcreaterexthdfs	boolean		Privilege to create read external tables with the gphdfs protocol. (gphdfs is deprecated.)
rolcreatewexthdfs	boolean		Privilege to create write external tables with the gphdfs protocol. (gphdfs is deprecated.)
rolcreaterexthive	boolean		Privilege to create read hive tables.
rolcreatewexthive	boolean		Privilege to create write hive tables.
rolcreaterextmagma	boolean		Privilege to create read magma tables.
rolcreatewextmagma	boolean		Privilege to create write magma tables.
rolcreaterexts3	boolean		Privilege to create read s3 tables.
rolcreatewexts3	boolean		Privilege to create write s3 tables.
rolcreatevc	boolean		Privilege to create vc.