Chapter 20. Database Roles and Privileges
PostgreSQL manages database access permissions
using the concept of roles. A role can be thought of as
either a database user, or a group of database users, depending on how
the role is set up. Roles can own database objects (for example,
tables) and can assign privileges on those objects to other roles to
control who has access to which objects. Furthermore, it is possible
to grant membership in a role to another role, thus
allowing the member role to use privileges assigned to another role.
The concept of roles subsumes the concepts of "users" and
"groups". In PostgreSQL versions
before 8.1, users and groups were distinct kinds of entities, but now
there are only roles. Any role can act as a user, a group, or both.
This chapter describes how to create and manage roles and introduces
the privilege system. More information about the various types of
database objects and the effects of privileges can be found in