PostgreSQL users

This page describes how Cloud SQL works with PostgreSQL users and roles. PostgreSQL roles enable you to control what kind of access and capabilities a user has when they access your PostgreSQL instance.

For complete documentation about PostgreSQL roles, see the PostgreSQL documentation. For information about creating and managing Cloud SQL users, see Creating and Managing Users.

PostgreSQL roles and users

PostgreSQL roles can be a single role, or they can function as a group of roles. A user is simply a role with the ability to login (the role has the LOGIN attribute). Because all roles created by Cloud SQL have the LOGIN attribute, Cloud SQL uses the terms "role" and "user" interchangeably. However, if you create a role with the psql client, it does not necessarily have the LOGIN attribute.

All PostgreSQL users must have a password. You cannot login with a user that does not have a password.

Default PostgreSQL users

When you create a new Cloud SQL for PostgreSQL instance, the default postgres user is already created for you, though you must set its password.

The postgres user is part of the cloudsqlsuperuser role, and has the following attributes (privileges): CREATEROLE, CREATEDB, and LOGIN. It does not have the SUPERUSER or REPLICATION attributes.

Other PostgreSQL users

You can create other PostgreSQL users or roles. All users you create using Cloud SQL are created as part of the cloudsqlsuperuser role, and have the same set of attributes as the postgres user: CREATEROLE, CREATEDB, and LOGIN. You can change the attributes of any user by using the ALTER ROLE command.

If you create a new user with the psql client, you can choose to associate it with a different role, or give it different attributes.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud SQL for PostgreSQL