Using Database Roles
There are several steps to using roles:
- A superuser creates a role using the CREATE ROLE statement.
- A superuser or object owner grants privileges to the role.
- A superuser or users with administrator access to the role grant users and other roles access to the role.
- Users granted access to the role run the SET ROLE command to make that role active and gain the role's privileges.
You can do steps 2 and 3 in any order. However, granting access to a role means little until the role has privileges granted to it.
Tip: Query system tables ROLES, GRANTS, and USERS to see any directly-assigned roles. Because these tables do not indicate whether a role is available to a user when roles could be available through other roles (indirectly), see the HAS_ROLE() function for additional information.