CREATE ROLE Parameters (Part 1)

<variablelist> <varlistentry> <term><replaceable class="parameter">name</replaceable></term> <listitem> <para> The name of the new role. </para> </listitem> </varlistentry> <varlistentry> <term><literal>SUPERUSER</literal></term> <term><literal>NOSUPERUSER</literal></term> <listitem> <para> These clauses determine whether the new role is a <quote>superuser</quote>, who can override all access restrictions within the database. Superuser status is dangerous and should be used only when really needed. You must yourself be a superuser to create a new superuser. If not specified, <literal>NOSUPERUSER</literal> is the default. </para> </listitem> </varlistentry> <varlistentry> <term><literal>CREATEDB</literal></term> <term><literal>NOCREATEDB</literal></term> <listitem> <para> These clauses define a role's ability to create databases. If <literal>CREATEDB</literal> is specified, the role being defined will be allowed to create new databases. Specifying <literal>NOCREATEDB</literal> will deny a role the ability to create databases. If not specified, <literal>NOCREATEDB</literal> is the default. Only superuser roles or roles with <literal>CREATEDB</literal> can specify <literal>CREATEDB</literal>. </para> </listitem> </varlistentry> <varlistentry> <term><literal>CREATEROLE</literal></term> <term><literal>NOCREATEROLE</literal></term> <listitem> <para> These clauses determine whether a role will be permitted to create, alter, drop, comment on, and change the security label for other roles. See <xref linkend="role-creation"/> for more details about what capabilities are conferred by this privilege. If not specified, <literal>NOCREATEROLE</literal> is the default. </para> </listitem> </varlistentry> <varlistentry> <term><literal>INHERIT</literal></term> <term><literal>NOINHERIT</literal></term> <listitem> <para> This affects the membership inheritance status when this role is added as a member of another role, both in this and future commands. Specifically, it controls the inheritance status of memberships added with this command using the <literal>IN ROLE</literal> clause, and in later commands using the <literal>ROLE</literal> clause. It is also used as the default inheritance status when adding this role as a member using the <literal>GRANT</literal> command. If not specified, <literal>INHERIT</literal> is the default. </para> <para> In <productname>PostgreSQL</productname> versions before 16, inheritance was a role-level attribute that controlled all runtime membership checks for that role. </para> </listitem> </varlistentry> <varlistentry> <term><literal>LOGIN</literal></term> <term><literal>NOLOGIN</literal></term> <listitem> <para> These clauses determine whether a role is allowed to log in; that is, whether the role can be given as the initial session authorization name during client connection. A role having the <literal>LOGIN</literal> attribute can be thought of as a user. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. If not specified, <literal>NOLOGIN</literal> is the default, except when <command>CREATE ROLE</command> is invoked through its alternative spelling <link linkend="sql-createuser"><command>CREATE USER</command></link>. </para> </listitem> </varlistentry> <varlistentry> <term><literal>REPLICATION</literal></term>

This section details the parameters available when creating a role in PostgreSQL using the CREATE ROLE command. It explains the purpose of parameters like role name, SUPERUSER/NOSUPERUSER (controlling access restrictions), CREATEDB/NOCREATEDB (defining the ability to create databases), CREATEROLE/NOCREATEROLE (controlling the ability to create, alter, and drop other roles), INHERIT/NOINHERIT (controlling membership inheritance), and LOGIN/NOLOGIN (determining if the role can log in as a user).