{"id":27606,"date":"2023-09-05T14:45:14","date_gmt":"2023-09-05T12:45:14","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=27606"},"modified":"2023-09-05T14:45:16","modified_gmt":"2023-09-05T12:45:16","slug":"create-user-create-role-what-should-be-used-in-postgresql","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/","title":{"rendered":"&#8220;create user&#8221;, &#8220;create role&#8221;, what should be used in PostgreSQL?"},"content":{"rendered":"\n<p>Recently we&#8217;ve seen a video on YouTube which recommends not to use the &#8220;create user&#8221; command in PostgreSQL and instead always use the &#8220;create role&#8221; command. It was also mentioned that &#8220;create group&#8221; should not be used as well. We&#8217;ve been a bit surprised by this and this is the reason for this post.<\/p>\n\n\n\n<p>While we never use the &#8220;create group&#8221; command, there is nothing in the <a href=\"https:\/\/www.postgresql.org\/docs\/current\/sql-creategroup.html\" target=\"_blank\" rel=\"noreferrer noopener\">documentation<\/a> which recommends to avoid it. What is written there is, that &#8220;create group&#8221; is an alias for &#8220;create role&#8221;. This changed in version 8.1 of PostgreSQL and if you take a look at the <a href=\"https:\/\/www.postgresql.org\/docs\/8.1\/release-8-1.html\" target=\"_blank\" rel=\"noreferrer noopener\">release notes <\/a>you will find this: <\/p>\n\n\n\n<p>&#8220;Create a new role system that replaces users and groups (Stephen Frost)<\/p>\n\n\n\n<p>Roles are a combination of users and groups. Like users, they can have login capability, and like groups, a role can have other roles as members. Roles basically remove the distinction between users and groups. For example, a role can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Have login capability (optionally)<\/li>\n\n\n\n<li>Own objects<\/li>\n\n\n\n<li>Hold access permissions for database objects<\/li>\n\n\n\n<li>Inherit permissions from other roles it is a member of<\/li>\n<\/ul>\n\n\n\n<p>Once a user logs into a role, she obtains capabilities of the login role plus any inherited roles, and can use SET ROLE to switch to other roles she is a member of. This feature is a generalization of the SQL standard&#8217;s concept of roles. This change also replaces pg_shadow and pg_group by new role-capable catalogs pg_authid and pg_auth_members. The old tables are redefined as read-only views on the new role tables.&#8221;<\/p>\n\n\n\n<p>This means that the only concept from there on are roles, users and groups internally are gone. This also explains why &#8220;create group&#8221; and &#8220;create user&#8221; are aliases for &#8220;create role&#8221; since then. <\/p>\n\n\n\n<p>There is, however, no warning in the documentation to avoid those commands. Internally a role will be created, no matter which command you use. On the other hand we like to use &#8220;create user&#8221; when we want to create a role with login privileges, it is just easier to read. The only difference between &#8220;create role&#8221; and &#8220;create user&#8221; is, that &#8220;create user&#8221; grants the login privilege by default, while &#8220;create role&#8221; does not:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: sql; highlight: [1,3,8,10]; title: ; notranslate\" title=\"\">\npostgres=# create user u;\nCREATE ROLE\npostgres=# select rolcanlogin from pg_roles where rolname = &#039;u&#039;;\n rolcanlogin \n-------------\n t\n(1 row)\npostgres=# create role r;\nCREATE ROLE\npostgres=# select rolcanlogin from pg_roles where rolname = &#039;r&#039;;\n rolcanlogin \n-------------\n f\n(1 row)\n<\/pre><\/div>\n\n\n<p>From a pure PostgreSQL internals point of view it might make sense to recommend not to use &#8220;create group&#8221; and &#8220;create user&#8221;. From an end user or DBA perspective these commands are still valid and if you want to use them, go ahead. If you want to only stick with &#8220;create role&#8221;, this is also fine. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently we&#8217;ve seen a video on YouTube which recommends not to use the &#8220;create user&#8221; command in PostgreSQL and instead always use the &#8220;create role&#8221; command. It was also mentioned that &#8220;create group&#8221; should not be used as well. We&#8217;ve been a bit surprised by this and this is the reason for this post. While [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,198],"tags":[77],"type_dbi":[],"class_list":["post-27606","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-database-management","tag-postgresql"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>&quot;create user&quot;, &quot;create role&quot;, what should be used in PostgreSQL? - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;create user&quot;, &quot;create role&quot;, what should be used in PostgreSQL?\" \/>\n<meta property=\"og:description\" content=\"Recently we&#8217;ve seen a video on YouTube which recommends not to use the &#8220;create user&#8221; command in PostgreSQL and instead always use the &#8220;create role&#8221; command. It was also mentioned that &#8220;create group&#8221; should not be used as well. We&#8217;ve been a bit surprised by this and this is the reason for this post. While [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-05T12:45:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-05T12:45:16+00:00\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"&#8220;create user&#8221;, &#8220;create role&#8221;, what should be used in PostgreSQL?\",\"datePublished\":\"2023-09-05T12:45:14+00:00\",\"dateModified\":\"2023-09-05T12:45:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\"},\"wordCount\":434,\"commentCount\":0,\"keywords\":[\"PostgreSQL\"],\"articleSection\":[\"Database Administration &amp; Monitoring\",\"Database management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\",\"name\":\"\\\"create user\\\", \\\"create role\\\", what should be used in PostgreSQL? - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2023-09-05T12:45:14+00:00\",\"dateModified\":\"2023-09-05T12:45:16+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8220;create user&#8221;, &#8220;create role&#8221;, what should be used in PostgreSQL?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\/\/x.com\/westermanndanie\"],\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\"create user\", \"create role\", what should be used in PostgreSQL? - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/","og_locale":"en_US","og_type":"article","og_title":"\"create user\", \"create role\", what should be used in PostgreSQL?","og_description":"Recently we&#8217;ve seen a video on YouTube which recommends not to use the &#8220;create user&#8221; command in PostgreSQL and instead always use the &#8220;create role&#8221; command. It was also mentioned that &#8220;create group&#8221; should not be used as well. We&#8217;ve been a bit surprised by this and this is the reason for this post. While [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/","og_site_name":"dbi Blog","article_published_time":"2023-09-05T12:45:14+00:00","article_modified_time":"2023-09-05T12:45:16+00:00","author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"&#8220;create user&#8221;, &#8220;create role&#8221;, what should be used in PostgreSQL?","datePublished":"2023-09-05T12:45:14+00:00","dateModified":"2023-09-05T12:45:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/"},"wordCount":434,"commentCount":0,"keywords":["PostgreSQL"],"articleSection":["Database Administration &amp; Monitoring","Database management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/","url":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/","name":"\"create user\", \"create role\", what should be used in PostgreSQL? - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2023-09-05T12:45:14+00:00","dateModified":"2023-09-05T12:45:16+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/create-user-create-role-what-should-be-used-in-postgresql\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8220;create user&#8221;, &#8220;create role&#8221;, what should be used in PostgreSQL?"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=27606"}],"version-history":[{"count":4,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27606\/revisions"}],"predecessor-version":[{"id":27633,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27606\/revisions\/27633"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=27606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=27606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=27606"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=27606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}