pg_auth_members Catalog: Role Membership Information

<productname>PostgreSQL</productname>. Refer to <xref linkend="auth-password"/> for details about migrating to another password type. </para> </warning> <para> If the password is encrypted with SCRAM-SHA-256, it has the format: <synopsis> SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable><salt></replaceable>$<replaceable><StoredKey></replaceable>:<replaceable><ServerKey></replaceable> </synopsis> where <replaceable>salt</replaceable>, <replaceable>StoredKey</replaceable> and <replaceable>ServerKey</replaceable> are in Base64 encoded format. This format is the same as that specified by <ulink url="https://datatracker.ietf.org/doc/html/rfc5803">RFC 5803</ulink>. </para> </sect1> <sect1 id="catalog-pg-auth-members"> <title><structname>pg_auth_members</structname></title> <indexterm zone="catalog-pg-auth-members"> <primary>pg_auth_members</primary> </indexterm> <para> The catalog <structname>pg_auth_members</structname> shows the membership relations between roles. Any non-circular set of relationships is allowed. </para> <para> Because user identities are cluster-wide, <structname>pg_auth_members</structname> is shared across all databases of a cluster: there is only one copy of <structname>pg_auth_members</structname> per cluster, not one per database. </para> <table> <title><structname>pg_auth_members</structname> Columns</title> <tgroup cols="1"> <thead> <row> <entry role="catalog_table_entry"><para role="column_definition"> Column Type </para> <para> Description </para></entry> </row> </thead> <tbody> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>oid</structfield> <type>oid</type> </para> <para> Row identifier </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>roleid</structfield> <type>oid</type> (references <link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.<structfield>oid</structfield>) </para> <para> ID of a role that has a member </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>member</structfield> <type>oid</type> (references <link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.<structfield>oid</structfield>) </para> <para> ID of a role that is a member of <structfield>roleid</structfield> </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>grantor</structfield> <type>oid</type> (references <link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.<structfield>oid</structfield>) </para> <para> ID of the role that granted this membership </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>admin_option</structfield> <type>bool</type> </para> <para> True if <structfield>member</structfield> can grant membership in <structfield>roleid</structfield> to others </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>inherit_option</structfield> <type>bool</type> </para> <para> True if the member automatically inherits the privileges of the granted role </para></entry> </row> <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>set_option</structfield> <type>bool</type> </para> <para> True if the member can <link linkend="sql-set-role"><command>SET ROLE</command></link>

This section describes the pg_auth_members catalog, which stores information about role membership relations in PostgreSQL. It explains that the catalog is cluster-wide and outlines the columns of the catalog, including the IDs of the role, the member, the grantor, and boolean flags indicating admin and inherit options. It also mentions the set_option, but the description is cut off.