Menu
Please explain what is the meaning of Create User and Create Role in PostgreSQL i am new at PostgreSQL.
I try to learn bye myself i understand Create User mean that user who are able to access database cluster and mange it in with in same computer where database cluster is created or from another computer with username and password.
And I think create Role mean which new user i create that user have which kind of role. If i set create role to user that he is not able to change database so he can't. But if i set create role this user are able to change database he can.
Can anyone explain more clearly?
Thanks in advance
907
Users, groups, and roles are the same thing in PostgreSQL, with the only difference being that users have permission to log in by default. The CREATE USER and CREATE GROUP statements are actually aliases for the CREATE ROLE statement.
Description. CREATE ROLE adds a new role to a PostgreSQL database cluster. A role is an entity that can own database objects and have database privileges; a role can be considered a “user”, a “group”, or both depending on how it is used.
PostgreSQL roles and users A user is a role with the ability to login (the role has the LOGIN attribute). Because all roles Cloud SQL creates have the LOGIN attribute, Cloud SQL uses the terms "role" and "user" interchangeably.
SQL Role. CREATE ROLE creates a set of privileges which may be assigned to users of a database. Once a role is assigned to a user, (s)he gets all the Privileges of that role. By creating and granting roles, best means of database security can be practiced.
In PostgreSQL 9.4 documentation it says: "CREATE USER is now an alias for CREATE ROLE. The only difference is that when the command is spelled CREATE USER, LOGIN is assumed by default, whereas NOLOGIN is assumed when the command is spelled CREATE ROLE."
So your question about CREATE ROLE and CREATE USER transfers to the question about the difference between the LOGIN and NOLOGIN attribute as PostgreSQL knows only roles.
According to the description the LOGIN/NOLOGIN attribute determines whether or not a role can be used to connect from a client. A client can be anything from your pgAdmin III to lets say a web application. To test this you might want to create a role with LOGIN attribute and use it instead of your postgres role to connect to your server via pdAdmin III.
A role with NOLOGIN attribute can't do this. This type of role can be regarded as an object you can add privileges to. LOGIN roles might then inherit those privileges by adding them as a member. One can think of the whole matter in terms of groups and users being members of groups.
So after all I think this is just another way of expressing what you already said.
165
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
