Role Manager allows you to add, edit and delete Roles within the diagram. To open Role Manager, select the Diagram | Role Manager menu item.
Role is a virtual object of a diagram and has no graphical representation. After defining a Role, it appears in the object editors, so that you could attach other diagram objects to it.
Role Manager contains a grid that represents Roles available in the diagram and their properties. The Role properties you can change in the grid are as follows:
The name of a Role to be created. The name cannot begin with pg_, as such names are reserved for system Roles.
Only roles that have the LOGIN attribute can be used as the initial role name for a database connection. A role with the LOGIN attribute can be considered the same thing as a "database user".
These option determine whether a role "inherits" the privileges of roles it is a member of. A role with the INHERIT attribute can automatically use whatever database privileges have been granted to all roles it is directly or indirectly a member of. Without INHERIT, membership in another role only grants the ability to SET ROLE to that other role; the privileges of the other role are only available after having done so.
If role can log in, this specifies how many concurrent connections the role can make. -1 (the default) means no limit.
A database superuser bypasses all permission checks. This is a dangerous privilege and should not be used carelessly; it is best to do most of your work as a role that is not a superuser. You must do this as a role that is already a superuser.
A role must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks).
A role must be explicitly given permission to create more roles (except for superusers, since those bypass all permission checks). A role with CREATEROLE privilege can alter and drop other roles, too, as well as grant or revoke membership in them. However, to create, alter, drop, or change membership of a superuser role, superuser status is required; CREATEROLE is not sufficient for that.
A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The password, md5, and crypt authentication methods make use of passwords. Database passwords are separate from operating system passwords.
The Valid option sets a date and time after which the role's password is no longer valid. If this clause is omitted the password will be valid for all time.
Option lists one or more existing roles to which the new role will be immediately added as a new member.
Option lists one or more existing roles which are automatically added as members of the new role.
This option is like Roles, but the named roles are added to the new role WITH ADMIN OPTION, giving them the right to grant membership in this role to others.
Set this option off to disable generation of the Role during database generation.
The buttons below the list of Roles allow you to perform the following actions:
Add - add a new Role with the default properties to the end of the list;
Duplicate - add a new Role with the same properties as the selected Role to the end of the list;
Delete - remove the selected Role from the list.
The Preview tab displays the SQL statement, which will be executed during the database generation. This statement is made up according to the changes you have made using the previous tabs. Please note that the text within the editor is read-only. The content of this tab updates only when your press the Apply button.