The view pg_roles provides access to information about database roles. This is simply a publicly readable view of pg_authid that blanks out the password field.
This view explicitly exposes the OID column of the underlying table, since that is needed to do joins to other catalogs.
Table 44-49. pg_roles Columns
Name | Type | References | Description |
---|---|---|---|
rolname | name | Role name | |
rolsuper | bool | Role has superuser privileges | |
rolinherit | bool | Role automatically inherits privileges of roles it is a member of | |
rolcreaterole | bool | Role can create more roles | |
rolcreatedb | bool | Role can create databases | |
rolcatupdate | bool | Role can update system catalogs directly. (Even a superuser cannot do this unless this column is true.) | |
rolcanlogin | bool | Role can log in. That is, this role can be given as the initial session authorization identifier | |
rolconnlimit | int4 | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit | |
rolpassword | text | Not the password (always reads as ********) | |
rolvaliduntil | timestamptz | Password expiry time (only used for password authentication); NULL if no expiration | |
rolconfig | text[] | Session defaults for run-time configuration variables | |
oid | oid | pg_authid.oid | ID of role |