1. Overview
Cognica Database implements a comprehensive role-based access control (RBAC) system compatible with PostgreSQL. Key concepts:
- Roles are the foundation of the permission system. A role can be a user (can log in) or a group (collection of privileges).
- Privileges control what operations a role can perform on database objects.
- Role Membership allows roles to inherit privileges from other roles.
- Row-Level Security (RLS) provides fine-grained access control at the row level.
Terminology:
- In PostgreSQL (and Cognica), "user" and "role" are nearly synonymous. The difference is that a "user" is a role with the LOGIN attribute. CREATE USER is equivalent to CREATE ROLE ... LOGIN.
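
The four concepts above put together, as an added example in standard PostgreSQL syntax (not taken from Cognica's own documentation). All role, table and policy names are constructed, and the example assumes Cognica accepts these statements, as the compatibility claim above suggests.

```sql
-- Constructed names: app_readers, alice, bob, orders, orders_owner_only.
-- Assumption: run by a role allowed to create roles and tables.

-- Group role: no LOGIN attribute, exists only to hold privileges.
CREATE ROLE app_readers NOLOGIN;

-- Two equivalent ways to create a login role (a "user").
-- The password literals are placeholders.
CREATE USER alice PASSWORD 'placeholder-change-me';
CREATE ROLE bob LOGIN PASSWORD 'placeholder-change-me';

-- Role membership: alice inherits the privileges held by app_readers.
-- bob is deliberately left out of the group.
GRANT app_readers TO alice;

CREATE TABLE orders (
    id    integer PRIMARY KEY,
    owner text    NOT NULL,
    total numeric NOT NULL
);

INSERT INTO orders (id, owner, total) VALUES
    (1, 'alice', 10.00),
    (2, 'bob',   20.00);

-- Privilege: granted once to the group rather than to each user.
GRANT SELECT ON orders TO app_readers;

-- Row-level security: once enabled, rows are hidden from non-owner roles
-- unless a policy admits them (default deny).
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;

-- Policy: members of app_readers may read only rows they own.
CREATE POLICY orders_owner_only ON orders
    FOR SELECT
    TO app_readers
    USING (owner = current_user);

-- Check as alice: table privilege comes from membership,
-- row visibility comes from the policy.
SET ROLE alice;
SELECT id, owner, total FROM orders;
RESET ROLE;

-- Check as bob: he is not a member of app_readers, so he holds no SELECT
-- privilege on orders; the privilege check applies before any RLS policy.
SET ROLE bob;
SELECT id, owner, total FROM orders;
RESET ROLE;
```

In PostgreSQL the table owner bypasses row-level security unless `ALTER TABLE ... FORCE ROW LEVEL SECURITY` is set, so test policies from a non-owner role as done here.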