How to enumerate all enabled roles for all users in PostgreSQL?

Question

If you want to check the roles that a user has access to, there is no easy way in PostgreSQL. In the information_schema there are relations enabled_roles

Answer 1

The trick is to make a recursive query over the system catalog relations pg_roles and pg_auth_members:

WITH RECURSIVE membership_tree(grpid, userid) AS (
    -- Get all roles and list them as their own group as well
    SELECT pg_roles.oid, pg_roles.oid
    FROM pg_roles
  UNION ALL
    -- Now add all group membership
    SELECT m_1.roleid, t_1.userid
    FROM pg_auth_members m_1, membership_tree t_1
    WHERE m_1.member = t_1.grpid
)
SELECT DISTINCT t.userid, r.rolname AS usrname, t.grpid, m.rolname AS grpname
FROM membership_tree t, pg_roles r, pg_roles m
WHERE t.grpid = m.oid AND t.userid = r.oid
ORDER BY r.rolname, m.rolname;

This gives a view of all users in the system with all inherited role memberships. Wrap this in a view to have this utility always handy.

Cheers, Patrick