Define AlloyDB Roles

A role is an entity that can own database objects and have database privileges; a role can be considered a "user", a "group", or both depending on how it is used.

Roles are defined at the database cluster level. Hence, they are valid in all databases in the cluster.

Use the AlloyDB Role Editor to define a role in a AlloyDB physical model.

To define a AlloyDB role

  1. In the Model Explorer, right-click Roles and click New.

    An instance of Role is created.

  2. Right-click the instance and click Properties.

    The AlloyDB Role Editor opens.

  3. In the navigation grid, select the role that you want to define and work with the following options:

    Click New New icon in property editors to create a new object on the toolbar to create a role. Use the Enter filter text box to filter a very large list of roles to quickly locate the one that you want to define.

    Name

    Specifies the name of the role. Set the name of the role in this field.

    Generate

    Generates SQL during forward engineering. Clear the check box if you do not want to generate SQL.

  4. On the AlloyDB tab, work with the following options:
    Valid Until

    Sets a date and time after which the role's password is no longer valid. If this clause is omitted the password will be valid for all time.

    Connection Limit

    If role can log in, this specifies how many concurrent connections the role can make. -1 (the default) indicates that there is no limit.

    Can login

    Specifies whether a role is allowed to log in. That is, whether the role can be given as the initial session authorization name during client connection.

    Inherits rights from parent roles

    Specifies whether a role "inherits" the privileges of roles it is a member of. A role with the INHERIT attribute can automatically use whatever database privileges have been granted to all roles it is directly or indirectly a member of.

    Superuser

    Specifies whether the new role is a superuser. A superuser can override all access restrictions within the database.

    Can Create DB

    Indicates a role's ability to create databases.

    Can Create Roles

    Indicates a role's ability to create new roles (that is, execute CREATE ROLE). A role with CREATEROLE privilege can also alter and drop other roles.

    Can initiate replication

    Specifies whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. A role having the REPLICATION attribute is a privileged role, and should only be used on roles actually used for replication.

  5. (Optional) Click the Comment tab and enter any comments that you want to associate with the object.
  6. (Optional) Click the Where Used tab to view where the object is used within the model.
  7. (Optional) Click the UDPtab to work with user-defined properties for the object.
  8. (Optional) Click the Notestab to view and edit user notes.
  9. (Optional) Click the Extended Notes tab to view or edit user notes.
  10. Click Close.

    The role is defined and the AlloyDB Role Editor closes.

For more information, refer to AlloyDB documentation.