This section describes the administrative commands pertaining to roles.
Create a role.
CREATE SUPERUSER ROLE name [ EXTENDING base [, ...] ]
"{" subcommand; [...] "}" ;
where subcommand is one of
SET password := password
CREATE ROLE
defines a new database role.
If specified, the created role will have the superuser status, and
will be exempt from all permission checks. Currently,
the SUPERUSER
qualifier is mandatory, i.e. it is not possible to
create non-superuser roles for now.
The name of the role to create.
If specified, declares the parent roles for this role. The role inherits all the privileges of the parents.
The following subcommands are allowed in the CREATE ROLE
block:
Set the password for the role.
Alter an existing role.
ALTER ROLE name "{" subcommand; [...] "}" ;
where subcommand is one of
RENAME TO newname
SET password := password
EXTENDING ...
ALTER ROLE
changes the settings of an existing role.
The name of the role to alter.
The following subcommands are allowed in the ALTER ROLE
block:
Change the name of the role to newname.
Alter the role parent list. The full syntax of this subcommand is:
EXTENDING name [, ...]
[ FIRST | LAST | BEFORE parent | AFTER parent ]
This subcommand makes the role a child of the specified list of parent roles. The role inherits all the privileges of the parents.
It is possible to specify the position in the parent list using the following optional keywords:
FIRST
– insert parent(s) at the beginning of the
parent list,
LAST
– insert parent(s) at the end of the parent list,
BEFORE <parent>
– insert parent(s) before an
existing parent,
AFTER <parent>
– insert parent(s) after an existing
parent.