17.2. User Attributes

A database user may have a number of attributes that define its privileges and interact with the client authentication system.

superuser

A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database superuser, use CREATE USER name CREATEUSER.

database creation

A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a user, use CREATE USER name CREATEDB.

password

A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The password, md5, and crypt authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon user creation with CREATE USER name PASSWORD 'string'.

A user's attributes can be modified after creation with ALTER USER. See the reference pages for CREATE USER and ALTER USER for details.

A user can also set personal defaults for many of the run-time configuration settings described in Section 16.4. For example, if for some reason you want to disable index scans (hint: not a good idea) anytime you connect, you can use

ALTER USER myname SET enable_indexscan TO off;

This will save the setting (but not set it immediately) and in subsequent connections it will appear as though SET enable_indexscan TO off; had been called right before the session started. You can still alter this setting during the session; it will only be the default. To undo any such setting, use ALTER USER username RESET varname;.