gotchasqlMinor
What the difference between User, Login and role in postgresql?
Viewed 0 times
postgresqlthewhatuserloginroledifferencebetweenand
Problem
In my case I wanted to prevent table and view listing from db that has 2 schemas:
And I wanted to prevent any table and view listing from public to a specific user therefore I consulted this answer: https://dba.stackexchange.com/a/177272/118215
But whist I was reading the answer, I noticed that ROLE is different than USER and login is a different "entity" from the ones above.
Despite being related I cannot understand the different between:
Therefore can someone explain to the the difference?
- public
- bi
And I wanted to prevent any table and view listing from public to a specific user therefore I consulted this answer: https://dba.stackexchange.com/a/177272/118215
But whist I was reading the answer, I noticed that ROLE is different than USER and login is a different "entity" from the ones above.
Despite being related I cannot understand the different between:
- Login
- ROLE
- USER
Therefore can someone explain to the the difference?
Solution
The only entity PostgreSQL has is a ROLE. The ROLE can own objects (tables, views) and be a "group role". But there is no such entities as LOGIN and USER. Other DBMS have "login", "user", "group", "role" as separate entities (Oracle, MSSQL, etc). But PostgreSQL is unique that way, it has only ROLE.
If ROLE has login attribute - it is called a LOGIN. Then a client (a human, or some automatic service) connects to database, the client supplies a name of such role. Any role can have a login attribute.
There are no USER entity. For convenience, the DBMS has two functions
but they are just wrappers around
The easy way to think about it: A USER is just a ROLE which belongs to a single person. But this is just a convenience.
If you want several people have access to a table, the most convenient way to do it is to create a group role (
If ROLE has login attribute - it is called a LOGIN. Then a client (a human, or some automatic service) connects to database, the client supplies a name of such role. Any role can have a login attribute.
There are no USER entity. For convenience, the DBMS has two functions
create user name
drop user namebut they are just wrappers around
create role name login
drop role nameThe easy way to think about it: A USER is just a ROLE which belongs to a single person. But this is just a convenience.
If you want several people have access to a table, the most convenient way to do it is to create a group role (
GRANT group_role TO role1, role2, role3), and give group_role access to the table. Now when a person logins to the role1 and tries to access a table - the permission would be checked against role1 and group_role - if at least one of them has access - success.Code Snippets
create user name
drop user namecreate role name login
drop role nameContext
StackExchange Database Administrators Q#325711, answer score: 4
Revisions (0)
No revisions yet.