A database user may have a number of attributes that define its
privileges and interact with the client authentication system.
- superuser
A database superuser bypasses all permission checks. Also,
only a superuser can create new users. To create a database
superuser, use CREATE USER name
CREATEUSER.
- database creation
A user must be explicitly given permission to create databases
(except for superusers, since those bypass all permission
checks). To create such a user, use CREATE USER
name CREATEDB.
- password
A password is only significant if the client authentication
method requires the user to supply a password when connecting
to the database. The password,
md5, and crypt authentication methods
make use of passwords. Database passwords are separate from
operating system passwords. Specify a password upon user
creation with CREATE USER
name PASSWORD 'string'.
A user's attributes can be modified after creation with
ALTER USER.
See the reference pages for CREATE USER and
ALTER USER for details.
A user can also set personal defaults for many of the run-time
configuration settings described in Section 3.4. For example, if for some reason you
want to disable index scans (hint: not a good idea) anytime you
connect, you can use
ALTER USER myname SET enable_indexscan TO off;
This will save the setting (but not set it immediately) and in
subsequent connections it will appear as though SET enable_indexscan
TO off; had been called right before the session started.
You can still alter this setting during the session; it will only
be the default. To undo any such setting, use ALTER USER
username RESET varname;.
