A user role has the LOGIN privilege that lets users sign in to the AlloyDB Omni system. A group role has member roles with various privileges, which you can grant to or revoke from all members at once.
AlloyDB Omni predefined PostgreSQL roles
PostgreSQL has a set of predefined roles
with various privileges. AlloyDB Omni adds several user and group
roles to this set of PostgreSQL's predefined roles.
The following table lists the PostgreSQL roles that AlloyDB Omni
predefines:
Role name
Privileges
alloydbadmin
SUPERUSER (which includes CREATEROLE, CREATEDB, and LOGIN).
alloydbmetadata
By default, this role does not have any privileges.
In addition, AlloyDB Omni reserves the following role names that are unused but may be used in the future.
Role name
Privileges
alloydbagent
NOLOGIN
alloydbexport
NOLOGIN
alloydbiamgroupuser
NOLOGIN
alloydbiamuser
NOLOGIN
alloydbimportexport
NOLOGIN
alloydbobservability
NOLOGIN
alloydbreplica
NOLOGIN
alloydbsqllogical
NOLOGIN
alloydbsuperuser
NOLOGIN
The alloydbadmin user role
The alloydbadmin role is a predefined role that sets up
the database system and performs other superuser tasks. This role has the following privileges:
Create extensions that require superuser privileges
Create event triggers
Create replication users
Create replication publications and subscriptions
This role is only used by AlloyDB Omni internal tools and shouldn't be used by users.
The alloydbmetadata role
The alloydbmetadata role is a predefined role with fewer privileges, also used by AlloyDB Omni internally. Similar to alloydbadmin, this role shouldn't be used by other users.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-22 UTC."],[[["\u003cp\u003eAlloyDB Omni utilizes standard PostgreSQL roles, which can function as database users, groups, or both.\u003c/p\u003e\n"],["\u003cp\u003eAlloyDB Omni defines two primary predefined roles: \u003ccode\u003ealloydbadmin\u003c/code\u003e, which has \u003ccode\u003eSUPERUSER\u003c/code\u003e privileges, and \u003ccode\u003ealloydbmetadata\u003c/code\u003e, which initially has no privileges.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ealloydbadmin\u003c/code\u003e role is designed for internal system setup and tasks, and is granted extensive privileges such as \u003ccode\u003eCREATEROLE\u003c/code\u003e, \u003ccode\u003eCREATEDB\u003c/code\u003e, and \u003ccode\u003eLOGIN\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eAlloyDB Omni also reserves several role names with \u003ccode\u003eNOLOGIN\u003c/code\u003e privileges for future use, including \u003ccode\u003ealloydbagent\u003c/code\u003e, \u003ccode\u003ealloydbexport\u003c/code\u003e, and \u003ccode\u003ealloydbreplica\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ealloydbmetadata\u003c/code\u003e role is a predefined role with limited privileges, that should be used only by the AlloyDB Omni system.\u003c/p\u003e\n"]]],[],null,[]]
