Authentication
Chapter 46: Authentication & Users
Section titled “Chapter 46: Authentication & Users”Managing Database Security
Section titled “Managing Database Security”46.1 User Management
Section titled “46.1 User Management”-- Create userCREATE USER john WITH PASSWORD 'secret_password';
-- Create with privilegesCREATE USER admin WITH PASSWORD 'admin_pass' CREATEDB CREATEROLE;
-- Create roleCREATE ROLE developer;
-- Grant privilegesGRANT SELECT, INSERT ON orders TO john;GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO admin;GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO admin;
-- Grant role to userGRANT developer TO john;
-- Revoke privilegesREVOKE INSERT ON orders FROM john;
-- Drop userDROP USER IF EXISTS john;46.2 Authentication Methods
Section titled “46.2 Authentication Methods”# pg_hba.conf - Host-Based Authentication
# Local connectionslocal all all peer
# IPv4 local connectionshost all all 127.0.0.1/32 scram-sha-256
# IPv6 local connectionshost all all ::1/128 scram-sha-256
# Replication connectionshost replication all 10.0.0.0/24 scram-sha-25646.3 Password Policies
Section titled “46.3 Password Policies”-- Check password expirationALTER USER john VALID UNTIL '2024-12-31';
-- Require password changeALTER USER john PASSWORD NULL;
-- Set password (encrypted)SET password_encryption = 'scram-sha-256';ALTER USER john PASSWORD 'new_password';
-- Lock account after failed attemptsALTER USER john WITH LOGIN;Summary
Section titled “Summary”| Command | Purpose |
|---|---|
| CREATE USER | Create database user |
| GRANT | Give privileges |
| REVOKE | Remove privileges |
| pg_hba.conf | Authentication config |