Superusers - Amazon Redshift

Superusers

Database superusers have the same permissions as database owners for all databases.

The admin user, which is the user you created when you launched the cluster, is a superuser.

You must be a superuser to create a superuser.

Amazon Redshift system tables and system views are either visible only to superusers or visible to all users. Only superusers can query system tables and system views that are designated "visible to superusers." For information, see System tables and views.

Superusers can view all catalog tables. For information, see System catalog tables.

A database superuser bypasses all permission checks. Superusers retain all permissions regardless of GRANT and REVOKE commands. Be careful when using a superuser role. We recommend that you do most of your work as a role that is not a superuser. You can create an administrator role with more restrictive permissions. For more information about creating roles, see Role-based access control (RBAC)

To create a new database superuser, log on to the database as a superuser and issue a CREATE USER command or an ALTER USER command with the CREATEUSER permission.

CREATE USER adminuser CREATEUSER PASSWORD '1234Admin'; ALTER USER adminuser CREATEUSER;

To create, alter, or drop a superuser, use the same commands to manage users. For more information, see Creating, altering, and deleting users.