The view pg_roles provides access to information about database roles. This is simply a publicly readable view of pg_authid that blanks out the password field.
This view explicitly exposes the OID column of the underlying table, since that is needed to do joins to other catalogs.
Table 45-54. pg_roles Columns
|rolsuper||bool||Role has superuser privileges|
|rolinherit||bool||Role automatically inherits privileges of roles it is a member of|
|rolcreaterole||bool||Role can create more roles|
|rolcreatedb||bool||Role can create databases|
|rolcatupdate||bool||Role can update system catalogs directly. (Even a superuser cannot do this unless this column is true)|
|rolcanlogin||bool||Role can log in. That is, this role can be given as the initial session authorization identifier|
|rolconnlimit||int4||For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit.|
|rolpassword||text||Not the password (always reads as ********)|
|rolvaliduntil||timestamptz||Password expiry time (only used for password authentication); null if no expiration|
|rolconfig||text||Role-specific defaults for run-time configuration variables|
|oid||oid||pg_authid.oid||ID of role|
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.