HAS_ROLE
Indicates, with a Boolean value, whether a role has been assigned to a user. This function is useful for letting you check your own role membership.
Behavior Type
Syntax 1
HAS_ROLE( [ 'user_name' ,] 'role_name' );Syntax 2
HAS_ROLE( 'role_name' );Parameters
user_name |
[Optional] The name of a user to look up. Currently, only a superuser can supply the user_name argument. |
role_name |
The name of the role you want to verify has been granted. |
Privileges
Users can check their own role membership by calling HAS_ROLE('role_name'), but only a superuser can look up other users' memberships using the optional user_name parameter.
Notes
You can query V_CATALOG system tables ROLES, GRANTS, and USERS to show any directly-assigned roles; however, these tables do not indicate whether a role is available to a user when roles may be available through other roles (indirectly).
Examples
User Bob wants to see if he has been granted the commentor role:
=> SELECT HAS_ROLE('commentor');
Output t for true indicates that Bob has been assigned the commentor role:
HAS_ROLE ---------- t (1 row)
In the following function call, a superuser checks if the logadmin role has been granted to user Bob:
=> SELECT HAS_ROLE('Bob', 'logadmin');
HAS_ROLE
----------
t
(1 row)
To view the names of all roles users can access, along with any roles that have been assigned to those roles, query the V_CATALOG.ROLES system table. An asterisk in the output means role granted WITH ADMIN OPTION.
=> SELECT * FROM roles;
role_id | name | assigned_roles
-------------------+-----------------+----------------
45035996273704964 | public |
45035996273704966 | dbduser |
45035996273704968 | dbadmin | dbduser*
45035996273704972 | pseudosuperuser | dbadmin*
45035996273704974 | logreader |
45035996273704976 | logwriter |
45035996273704978 | logadmin | logreader,
logwriter
(7 rows)
