<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >User Attributes</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REV="MADE" HREF="mailto:pgsql-docs@postgresql.org"><LINK REL="HOME" TITLE="PostgreSQL 8.0.11 Documentation" HREF="index.html"><LINK REL="UP" TITLE="Database Users and Privileges" HREF="user-manag.html"><LINK REL="PREVIOUS" TITLE="Database Users and Privileges" HREF="user-manag.html"><LINK REL="NEXT" TITLE="Groups" HREF="groups.html"><LINK REL="STYLESHEET" TYPE="text/css" HREF="stylesheet.css"><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"><META NAME="creation" CONTENT="2007-02-02T03:57:22"></HEAD ><BODY CLASS="SECT1" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="5" ALIGN="center" VALIGN="bottom" >PostgreSQL 8.0.11 Documentation</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A HREF="user-manag.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A HREF="user-manag.html" >Fast Backward</A ></TD ><TD WIDTH="60%" ALIGN="center" VALIGN="bottom" >Chapter 17. Database Users and Privileges</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="top" ><A HREF="user-manag.html" >Fast Forward</A ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="top" ><A HREF="groups.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="USER-ATTRIBUTES" >17.2. User Attributes</A ></H1 ><P > A database user may have a number of attributes that define its privileges and interact with the client authentication system. <P ></P ></P><DIV CLASS="VARIABLELIST" ><DL ><DT >superuser<A NAME="AEN19527" ></A ></DT ><DD ><P > A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database superuser, use <TT CLASS="LITERAL" >CREATE USER <TT CLASS="REPLACEABLE" ><I >name</I ></TT > CREATEUSER</TT >. </P ></DD ><DT >database creation<A NAME="AEN19535" ></A ></DT ><DD ><P > A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a user, use <TT CLASS="LITERAL" >CREATE USER <TT CLASS="REPLACEABLE" ><I >name</I ></TT > CREATEDB</TT >. </P ></DD ><DT >password<A NAME="AEN19544" ></A ></DT ><DD ><P > A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The <TT CLASS="OPTION" >password</TT >, <TT CLASS="OPTION" >md5</TT >, and <TT CLASS="OPTION" >crypt</TT > authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon user creation with <TT CLASS="LITERAL" >CREATE USER <TT CLASS="REPLACEABLE" ><I >name</I ></TT > PASSWORD '<TT CLASS="REPLACEABLE" ><I >string</I ></TT >'</TT >. </P ></DD ></DL ></DIV ><P> A user's attributes can be modified after creation with <TT CLASS="COMMAND" >ALTER USER</TT >.<A NAME="AEN19555" ></A > See the reference pages for the <A HREF="sql-createuser.html" ><I >CREATE USER</I ></A > and <A HREF="sql-alteruser.html" ><I >ALTER USER</I ></A > commands for details. </P ><P > A user can also set personal defaults for many of the run-time configuration settings described in <A HREF="runtime-config.html" >Section 16.4</A >. For example, if for some reason you want to disable index scans (hint: not a good idea) anytime you connect, you can use </P><PRE CLASS="PROGRAMLISTING" >ALTER USER myname SET enable_indexscan TO off;</PRE ><P> This will save the setting (but not set it immediately). In subsequent connections by this user it will appear as though <TT CLASS="LITERAL" >SET enable_indexscan TO off;</TT > had been executed just before the session started. You can still alter this setting during the session; it will only be the default. To undo any such setting, use <TT CLASS="LITERAL" >ALTER USER <TT CLASS="REPLACEABLE" ><I >username</I ></TT > RESET <TT CLASS="REPLACEABLE" ><I >varname</I ></TT >;</TT >. </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="user-manag.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="groups.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Database Users and Privileges</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="user-manag.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Groups</TD ></TR ></TABLE ></DIV ></BODY ></HTML >