I am a bit confused by the role attribute LOGIN | NONLOGIN
, where postgres docs says:
These clauses determine whether a role is allowed to log in; that is,
whether the role can be given as the initial session authorization
name during client connection. A role having the LOGIN attribute can
be thought of as a user. Roles without this attribute are useful for
managing database privileges, but are not users in the usual sense of
the word. If not specified, NONLOGIN is the default, except when CREATE
ROLE is invoked through its alternative spelling CREATE USER.
What is a possible restriction with NONLOGIN
? Why would people want a role with NONLOGIN
in the first place?
Best Answer
The clause is
NOLOGIN
, not. (I suggest copy/paste for quotes.)NONLOGIN
The clause is for "group" roles, which used to actually be
GROUP
before Postgres 8.1 - which is still supported. SeeCREATE GROUP
in the manual. Related:Group roles are very useful to bundle privileges and then grant / revoke the whole package to
LOGIN
roles. See:Or to act as demons within the database: