A user role has the LOGIN privilege that lets users sign in to the AlloyDB Omni system. A group role has member roles with various privileges, which you can grant to or revoke from all members at once.
AlloyDB Omni predefined PostgreSQL roles
PostgreSQL has a set of predefined roles
with various privileges. AlloyDB Omni adds several user and group
roles to this set of PostgreSQL's predefined roles.
The following table lists the PostgreSQL roles that AlloyDB Omni
predefines:
Role name
Privileges
alloydbadmin
SUPERUSER (which includes CREATEROLE, CREATEDB, and LOGIN).
alloydbmetadata
By default, this role does not have any privileges.
In addition, AlloyDB Omni reserves the following role names that are unused but may be used in the future.
Role name
Privileges
alloydbagent
NOLOGIN
alloydbexport
NOLOGIN
alloydbiamgroupuser
NOLOGIN
alloydbiamuser
NOLOGIN
alloydbimportexport
NOLOGIN
alloydbobservability
NOLOGIN
alloydbreplica
NOLOGIN
alloydbsqllogical
NOLOGIN
alloydbsuperuser
NOLOGIN
The alloydbadmin user role
The alloydbadmin role is a predefined role that sets up
the database system and performs other superuser tasks. This role has the following privileges:
Create extensions that require superuser privileges
Create event triggers
Create replication users
Create replication publications and subscriptions
This role is only used by AlloyDB Omni internal tools and shouldn't be used by users.
The alloydbmetadata role
The alloydbmetadata role is a predefined role with fewer privileges, also used by AlloyDB Omni internally. Similar to alloydbadmin, this role shouldn't be used by other users.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-22 UTC."],[[["\u003cp\u003eAlloyDB Omni utilizes standard PostgreSQL roles, which can function as database users, groups, or both.\u003c/p\u003e\n"],["\u003cp\u003eAlloyDB Omni adds predefined user and group roles to the existing set of PostgreSQL's predefined roles, with \u003ccode\u003ealloydbadmin\u003c/code\u003e and \u003ccode\u003ealloydbmetadata\u003c/code\u003e being key examples.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ealloydbadmin\u003c/code\u003e role possesses \u003ccode\u003eSUPERUSER\u003c/code\u003e privileges, including \u003ccode\u003eCREATEROLE\u003c/code\u003e, \u003ccode\u003eCREATEDB\u003c/code\u003e, and \u003ccode\u003eLOGIN\u003c/code\u003e, and is designed for AlloyDB Omni internal use only.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ealloydbmetadata\u003c/code\u003e role is also for internal use by AlloyDB Omni and comes with no privileges by default.\u003c/p\u003e\n"],["\u003cp\u003eAlloyDB Omni reserves several other role names like \u003ccode\u003ealloydbagent\u003c/code\u003e, \u003ccode\u003ealloydbexport\u003c/code\u003e, and others, which are currently unused but might be implemented in the future and are all set to \u003ccode\u003eNOLOGIN\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]
