Bird
Raised Fist0
PostgreSQLquery~20 mins

Login vs group roles in PostgreSQL - Practice Questions

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Role Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Difference between Login and Group Roles in PostgreSQL
Which statement correctly describes the difference between a login role and a group role in PostgreSQL?
AA login role can connect to the database, while a group role cannot connect but can own privileges and be a member of other roles.
BA group role can connect to the database, while a login role cannot connect but can own privileges.
CBoth login and group roles can connect to the database, but only login roles can own tables.
DLogin roles are used only for authentication, and group roles are used only for schema ownership.
Attempts:
2 left
💡 Hint
Think about which roles have the ability to log in and which are used for grouping privileges.
query_result
intermediate
2:00remaining
Query to List All Login Roles
Given the following query, what will be the output?
PostgreSQL
SELECT rolname FROM pg_roles WHERE rolcanlogin = true ORDER BY rolname;
AA list of all role names that have login privileges, sorted alphabetically.
BA list of all group roles that cannot login, sorted alphabetically.
CAn error because rolcanlogin is not a valid column.
DA list of all roles regardless of login capability.
Attempts:
2 left
💡 Hint
Check the meaning of rolcanlogin column in pg_roles.
📝 Syntax
advanced
2:00remaining
Create a Group Role and Assign Login Roles
Which SQL command sequence correctly creates a group role named 'dev_team' and assigns two existing login roles 'alice' and 'bob' as members?
ACREATE ROLE dev_team NOLOGIN; GRANT dev_team TO alice, bob;
BCREATE ROLE dev_team; GRANT alice, bob TO dev_team;
CCREATE ROLE dev_team NOLOGIN; GRANT alice, bob TO dev_team;
DCREATE ROLE dev_team LOGIN; GRANT dev_team TO alice, bob;
Attempts:
2 left
💡 Hint
Remember group roles should not have LOGIN and members are granted to the group role.
optimization
advanced
2:00remaining
Efficient Role Membership Check
You want to efficiently check if a login role 'charlie' is a member of the group role 'managers'. Which query is the most efficient and correct?
ASELECT * FROM pg_roles WHERE rolname = 'charlie' AND rolname IN (SELECT rolname FROM pg_roles WHERE rolname = 'managers');
BSELECT 1 FROM pg_auth_members m JOIN pg_roles r ON m.roleid = r.oid JOIN pg_roles u ON m.member = u.oid WHERE r.rolname = 'managers' AND u.rolname = 'charlie';
CSELECT * FROM pg_auth_members WHERE roleid = (SELECT oid FROM pg_roles WHERE rolname = 'charlie') AND member = (SELECT oid FROM pg_roles WHERE rolname = 'managers');
DSELECT * FROM pg_roles WHERE rolname = 'managers' AND rolcanlogin = true;
Attempts:
2 left
💡 Hint
Check the join conditions and role/member columns in pg_auth_members.
🔧 Debug
expert
3:00remaining
Why Does This Role Membership Query Fail?
Consider this query to check if 'dave' is a member of 'admins': SELECT * FROM pg_auth_members WHERE roleid = (SELECT oid FROM pg_roles WHERE rolname = 'dave') AND member = (SELECT oid FROM pg_roles WHERE rolname = 'admins'); Why does this query return no rows even if 'dave' is a member of 'admins'?
PostgreSQL
SELECT * FROM pg_auth_members WHERE roleid = (SELECT oid FROM pg_roles WHERE rolname = 'dave') AND member = (SELECT oid FROM pg_roles WHERE rolname = 'admins');
ABecause the query syntax is invalid and causes a runtime error.
BBecause 'dave' is not a login role and cannot be a member of any group role.
CBecause pg_auth_members only stores direct memberships, and 'dave' is an indirect member.
DBecause roleid should be the group role 'admins' and member should be the login role 'dave', but the query reverses them.
Attempts:
2 left
💡 Hint
Check the meaning of roleid and member columns in pg_auth_members.

Practice

(1/5)
1. Which of the following best describes a login role in PostgreSQL?
easy
A. A role used only to group other roles without login capability.
B. A role that can connect to the database and perform actions.
C. A temporary session role that disappears after logout.
D. A role that automatically grants all permissions to users.

Solution

  1. Step 1: Understand the purpose of login roles

    Login roles are created to allow users to connect to the database and perform tasks.

  2. Step 2: Differentiate from group roles

    Group roles are for organizing users and sharing permissions but cannot login themselves.

  3. Final Answer:

    A role that can connect to the database and perform actions. -> Option B

  4. Quick Check:

    Login role = can connect [OK]
Hint: Login roles can connect; group roles cannot [OK]
Common Mistakes:
  • Confusing group roles with login roles
  • Thinking group roles can login
  • Assuming login roles have no permissions
2. Which SQL command correctly creates a group role named managers without login capability?
easy
A. CREATE ROLE managers NOLOGIN;
B. CREATE ROLE managers LOGIN;
C. CREATE USER managers;
D. CREATE ROLE managers WITH LOGIN;

Solution

  1. Step 1: Recall syntax for creating roles without login

    To create a group role, use CREATE ROLE with NOLOGIN option.

  2. Step 2: Analyze options

    CREATE ROLE managers NOLOGIN; uses NOLOGIN correctly; options B and D enable login; CREATE USER managers; creates a login user.

  3. Final Answer:

    CREATE ROLE managers NOLOGIN; -> Option A

  4. Quick Check:

    Group role = NOLOGIN [OK]
Hint: Use NOLOGIN to create group roles [OK]
Common Mistakes:
  • Using LOGIN when creating group roles
  • Using CREATE USER instead of CREATE ROLE
  • Omitting NOLOGIN for group roles
3. Given the following commands:
CREATE ROLE analysts NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'secret';
GRANT analysts TO alice;

What is true about alice after these commands?
medium
A. Alice can login and has permissions of analysts role.
B. Alice cannot login because analysts role has NOLOGIN.
C. Alice can login but does not inherit analysts permissions.
D. Alice is a group role and cannot login.

Solution

  1. Step 1: Understand role creation and grants

    Alice is a login role with password; analysts is a group role without login.

  2. Step 2: Check role membership effect

    Granting analysts to alice means alice inherits analysts permissions and can login.

  3. Final Answer:

    Alice can login and has permissions of analysts role. -> Option A

  4. Quick Check:

    Login role + granted group role = login + permissions [OK]
Hint: Login roles inherit group role permissions when granted [OK]
Common Mistakes:
  • Thinking NOLOGIN group role blocks login
  • Assuming permissions are not inherited
  • Confusing login and group roles
4. Identify the error in this SQL snippet:
CREATE ROLE developers;
CREATE ROLE bob LOGIN;
GRANT developers TO bob NOLOGIN;
medium
A. CREATE ROLE bob LOGIN is invalid syntax.
B. CREATE ROLE developers must include LOGIN.
C. Bob cannot be granted a role.
D. The GRANT statement incorrectly uses NOLOGIN.

Solution

  1. Step 1: Review GRANT syntax

    GRANT role TO user does not accept NOLOGIN; NOLOGIN is for CREATE ROLE only.

  2. Step 2: Check other statements

    CREATE ROLE developers is valid as group role; CREATE ROLE bob LOGIN is valid.

  3. Final Answer:

    The GRANT statement incorrectly uses NOLOGIN. -> Option D

  4. Quick Check:

    NOLOGIN only in CREATE ROLE, not GRANT [OK]
Hint: NOLOGIN is for CREATE ROLE, not GRANT [OK]
Common Mistakes:
  • Adding NOLOGIN in GRANT statement
  • Confusing role creation and granting syntax
  • Assuming all roles must have LOGIN
5. You want to create a setup where multiple users share the same permissions easily. Which approach is best in PostgreSQL?
hard
A. Create only group roles and let users login as group roles.
B. Create multiple login roles with identical permissions separately.
C. Create individual login roles and grant them a common group role.
D. Create login roles and assign permissions directly to each.

Solution

  1. Step 1: Understand permission management

    Group roles allow sharing permissions easily among many users.

  2. Step 2: Evaluate options

    Create individual login roles and grant them a common group role. uses group roles granted to login roles, best for easy permission management.

  3. Step 3: Reject incorrect options

    A is invalid as group roles cannot login; B duplicates permissions; D is less efficient.

  4. Final Answer:

    Create individual login roles and grant them a common group role. -> Option C

  5. Quick Check:

    Group roles + login roles = efficient permission sharing [OK]
Hint: Use group roles to share permissions among login roles [OK]
Common Mistakes:
  • Trying to login as group roles
  • Assigning permissions individually to each user
  • Duplicating permissions instead of grouping