PostgreSQL predefined roles

From wikieduonline
Jump to navigation Jump to search


  • pg_read_all_data Read all data (tables, views, sequences), as if having SELECT rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.
  • pg_write_all_data Write all data (tables, views, sequences), as if having INSERT, UPDATE, and DELETE rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.
  • pg_read_all_settings Read all configuration variables, even those normally visible only to superusers.
  • pg_read_all_stats Read all pg_stat_* views and use various statistics related extensions, even those normally visible only to superusers.
  • pg_stat_scan_tables Execute monitoring functions that may take ACCESS SHARE locks on tables, potentially for a long time.
  • pg_monitor Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables.
  • pg_database_owner None. Membership consists, implicitly, of the current database owner.
  • pg_signal_backend Signal another backend to cancel a query or terminate its session.
  • pg_read_server_files Allow reading files from any location the database can access on the server with COPY and other file-access functions.
  • pg_write_server_files Allow writing to files in any location the database can access on the server with COPY and other file-access functions.
  • pg_execute_server_program Allow executing programs on the database server as the user the database runs as with COPY and other functions which allow executing a server-side program.
  • pg_checkpoint Allow executing the CHECKPOINT command.
  • pg_use_reserved_connections Allow use of connection slots reserved via reserved_connections.
  • pg_create_subscription Allow users with CREATE permission on the database to issue CREATE SUBSCRIPTION.


GRANT pg_read_all_data TO xxx;
create user

See also

Advertising: