AlloyDB Omni user role overview


This page describes how AlloyDB Omni works with PostgreSQL roles. This page assumes that you are familiar with PostgreSQL.

An AlloyDB Omni database uses the standard PostgreSQL concept of roles. A role can act as a database user, a group of users, or both.

A user role has the LOGIN privilege that lets users sign in to the AlloyDB Omni system. A group role has member roles with various privileges, which you can grant to or revoke from all members at once.

AlloyDB Omni predefined PostgreSQL roles

PostgreSQL has a set of predefined roles with various privileges. AlloyDB Omni adds several user and group roles to this set of PostgreSQL's predefined roles.

The following table lists the PostgreSQL roles that AlloyDB Omni predefines:

Role name        | Privileges
alloydbadmin     | SUPERUSER (which includes CREATEROLE, CREATEDB, and LOGIN).
alloydbmetadata  | By default, this role does not have any privileges.

In addition, AlloyDB Omni reserves the following role name that is unused but might be used in the future.

Role name        | Privileges
alloydbsuperuser | NOLOGIN

The alloydbadmin user role

The alloydbadmin role is a predefined role that sets up the database system and performs other superuser tasks. This role has the following privileges:

  • Create extensions that require superuser privileges
  • Create event triggers
  • Create replication users
  • Create replication publications and subscriptions

This role is only used by AlloyDB Omni internal tools and shouldn't be used by users.

The alloydbmetadata role

The alloydbmetadata role is a predefined role with fewer privileges, also used by AlloyDB Omni internally. Similar to alloydbadmin, this role shouldn't be used by other users.

Other important roles

In addition to the predefined roles, there are other important roles that you use for administration and to set up specific features in AlloyDB Omni for Linux.

The postgres role

The postgres role is the default superuser in PostgreSQL. You use this user for the initial setup and for administrative tasks. For example, after installing AlloyDB Omni for Linux, you connect as the postgres user to initialize the database.

The replicator role

The replicator role is used to set up high-availability and read-replica clusters. This role has replication privileges, which are required for streaming data from a primary to a replica instance. You must create this role manually when you configure replication.
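
The role attributes described on this page can be checked against a running instance. The following SQL is an added example, not part of the AlloyDB Omni documentation. The expected attribute set in the `expected` list is an assumption derived from the tables and descriptions above (in particular, that alloydbmetadata and replicator are not superusers), so adjust it to your deployment.

```sql
-- Added example: compare role attributes in pg_roles with the roles this
-- page describes. The "expected" values are assumptions taken from the page
-- text; NULL means "not checked".
WITH expected(rolname, want_super, want_replication) AS (
    VALUES
        ('postgres',         true,  NULL::boolean),
        ('alloydbadmin',     true,  NULL::boolean),
        ('alloydbmetadata',  false, false),
        ('alloydbsuperuser', false, false),
        ('replicator',       false, true)
)
SELECT r.rolname,
       r.rolsuper, r.rolreplication, r.rolcanlogin,
       r.rolcreaterole, r.rolcreatedb, r.rolbypassrls,
       CASE
           WHEN e.rolname IS NULL AND r.rolsuper
               THEN 'SUPERUSER outside the documented set'
           WHEN e.rolname IS NULL AND r.rolreplication
               THEN 'REPLICATION outside the documented set'
           WHEN e.rolname IS NULL
               THEN 'review: CREATEROLE or BYPASSRLS on a non-listed role'
           WHEN r.rolsuper <> e.want_super
               THEN 'SUPERUSER attribute differs from expected'
           WHEN r.rolreplication <> e.want_replication
               THEN 'REPLICATION attribute differs from expected'
           WHEN r.rolname = 'alloydbsuperuser' AND r.rolcanlogin
               THEN 'reserved role can log in (page lists NOLOGIN)'
           ELSE 'ok'
       END AS finding
FROM pg_roles AS r
LEFT JOIN expected AS e ON e.rolname = r.rolname
-- Show every listed role, plus any other role holding an elevated attribute.
WHERE e.rolname IS NOT NULL
   OR r.rolsuper OR r.rolreplication OR r.rolcreaterole OR r.rolbypassrls
ORDER BY (e.rolname IS NULL) DESC, r.rolname;

-- Roles that have been granted membership in the superuser or internal
-- roles. The page says the internal roles shouldn't be used by users, so
-- any row naming them here deserves a look.
SELECT g.rolname AS granted_role,
       m.rolname AS member,
       am.admin_option
FROM pg_auth_members AS am
JOIN pg_roles AS g ON g.oid = am.roleid
JOIN pg_roles AS m ON m.oid = am.member
WHERE g.rolname IN ('postgres', 'alloydbadmin',
                    'alloydbmetadata', 'alloydbsuperuser')
ORDER BY g.rolname, m.rolname;
```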
