Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Databases - Practical PostgreSQL
Previous Page Home Next Page

Creating and Removing Groups

Before you get started managing groups, you should first understand how to create and remove them from the system. Each of these procedures requires superuser privileges. See the Section called Managing Users " earlier in this chapter for more about superusers.

Creating a group

Any superuser may create a new group in PostgreSQL with the CREATE GROUP command. Here is the syntax for CREATE GROUP:


         [ WITH
              [ SYSID 
              [ USER  
 [, ...] ] ]

In this syntax, groupname is the name of the group that you wish to create. A group's name must start with an alphabetical character, and may not exceed 31 characters in length. Providing the WITH keyword allows for either of the optional attributes to be specified. If you wish to specify the system ID to use for the new group, use the SYSID keyword to specify the groupid value. Use the USER keyword to include one or more users to the group at creation time. Separate usernames by commas.

Additionally, the PostgreSQL user and group tables operate separately from each other. This separation does allow a user's usesysid and a group's grosysid to be identical within the PostgreSQL system.

As an example, Example 10-11 creates the sales group, and adds two users to it upon its creation. These users are allen, and vincent (presumably, members of Book Town's sales department).

Example 10-11. Creating a group


             WITH USER allen, vincent;


The CREATE GROUP server message indicates that the group was created successfully. You may verify the creation of a group, as well as view all existing groups, with a query on the pg_group system table. Example 10-12 executes such a query.

Example 10-12. Verifying a group

SELECT * FROM pg_group;

  groname   | grosysid |   grolist
 sales      |        1 | {7017,7016}
 accounting |        2 |
 marketing  |        3 |
(3 rows)

Notice that the grolist column is an array, containing the PostgreSQL user ID of each user in the group. These are the same user IDs which can be seen in the pg_user view. For example:

SELECT usename FROM pg_user

               WHERE usesysid = 7017 OR usesysid = 7016;

(2 rows)

Removing a group

Any superuser may also remove a group with the DROP GROUP SQL command. You should exercise caution with this command, as it is irreversible, and you will not be prompted to verify the removal of the group (even if there are users still in the group). Unlike DROP DATABASE, DROP GROUP may be performed within a transaction block.

Here is the syntax for DROP GROUP:


The groupname is the name of the group to be permanently removed. Example 10-13 removes an outdated marketing group from the Book Town database.

Example 10-13. Removing a group

DROP GROUP marketing;


The DROP GROUP server message returned from Example 10-13 indicates that the group was successfully destroyed. Note that removing a group does not remove permissions placed on it, but rather "disembodies" them. Any permissions placed on a database object which have rights assigned to a dropped group will appear to be assigned to a group system ID , rather than to a group.

Note: Inadvertently dropped groups can be restored to their previous functionality by creating a new group with the same system ID as the dropped group. This involves the SYSID keyword, as documented in the Section called Creating a group ." If you assign group permissions to a table and then drop the group, the group permissions on the table will be retained. However, you will need to add the appropriate users to the newly recreated group for the table permissions to be effective for members of that group.

Databases - Practical PostgreSQL
Previous Page Home Next Page

  Published under the terms of the Open Publication License Design by Interspire