Unsupported versions: 8.0 / 7.4 / 7.3
This documentation is for an unsupported version of PostgreSQL.
You may want to view the same page for the current version, or one of the other supported versions listed above instead.

17.2. User Attributes

A database user may have a number of attributes that define its privileges and interact with the client authentication system.


A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database superuser, use CREATE USER name CREATEUSER.

database creation

A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a user, use CREATE USER name CREATEDB.


A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The password, md5, and crypt authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon user creation with CREATE USER name PASSWORD 'string'.

A user's attributes can be modified after creation with ALTER USER. See the reference pages for CREATE USER and ALTER USER for details.

A user can also set personal defaults for many of the run-time configuration settings described in Section 16.4. For example, if for some reason you want to disable index scans (hint: not a good idea) anytime you connect, you can use

ALTER USER myname SET enable_indexscan TO off;

This will save the setting (but not set it immediately) and in subsequent connections it will appear as though SET enable_indexscan TO off; had been called right before the session started. You can still alter this setting during the session; it will only be the default. To undo any such setting, use ALTER USER username RESET varname;.