A database user may have a number of attributes that define its privileges and interact with the client authentication system.
A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database superuser, use CREATE USER name CREATEUSER.
- database creation
A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a user, use CREATE USER name CREATEDB.
A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The password, md5, and crypt authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon user creation with CREATE USER name PASSWORD 'string'.
A user's attributes can be modified after creation with ALTER USER. See the reference pages for CREATE USER and ALTER USER for details.
A user can also set personal defaults for many of the run-time configuration settings described in Section 3.4. For example, if for some reason you want to disable index scans (hint: not a good idea) anytime you connect, you can use
ALTER USER myname SET enable_indexscan TO off;
This will save the setting (but not set it immediately) and in subsequent connections it will appear as though SET enable_indexscan TO off; had been called right before the session started. You can still alter this setting during the session; it will only be the default. To undo any such setting, use ALTER USER username RESET varname;.