A database user may have a number of attributes that define its privileges and interact with the client authentication system.
A database superuser bypasses all permission checks. Also,
only a superuser can create new users. To create a database
superuser, use CREATE USER
.
name
CREATEUSER
A user must be explicitly given permission to create databases
(except for superusers, since those bypass all permission
checks). To create such a user, use CREATE USER
.
name
CREATEDB
A password is only significant if the client authentication
method requires the user to supply a password when connecting
to the database. The password
,
md5
, and crypt
authentication methods
make use of passwords. Database passwords are separate from
operating system passwords. Specify a password upon user
creation with CREATE USER
.
name
PASSWORD 'string
'
A user's attributes can be modified after creation with
ALTER USER
.
See the reference pages for the CREATE USER and ALTER USER commands for details.
A user can also set personal defaults for many of the run-time configuration settings described in Section 16.4, “Run-time Configuration”. For example, if for some reason you want to disable index scans (hint: not a good idea) anytime you connect, you can use
ALTER USER myname SET enable_indexscan TO off;
This will save the setting (but not set it immediately). In
subsequent connections by this user it will appear as though
SET enable_indexscan TO off;
had been executed
just before the session started.
You can still alter this setting during the session; it will only
be the default. To undo any such setting, use ALTER USER
.
username
RESET varname
;