Redshift – Script to generate statements to recreate users and groups

--Script to generate statements to re-create users in redshift
select 'create user '+ usename +' password ''Hidden1!'' ;' from pg_user
order by usename asc;

--Script to generate statements to re-create groups 
select 'create group '+ groname +';' from pg_group
order by groname asc;

--Script to generate statements to add users to various groups
SELECT 'alter group '+ groname + ' add user ' + usename + ';'
FROM "admin".v_get_users_in_group
order by groname , usename;

Difference between users, groups, and roles on Postgres and Redshift


We’ll start here, because Postgres generally sets the standard for relational databases.

In Postgres 9, users and groups were replaced with roles (Postgres have been very kind, and have maintained user and group as aliases for role for backwards compatibility). The difference between users and roles? Simply put, users can now be considered as roles with the ability to login.

  • Membership: Any role can be a member of another role, so you can create a hierarchical structure with as many tiers as you’d like.
  • Ownership: Any role can own relations.
  • Privileges: Any role can have privileges granted to it.
  • Inheritance: Up to you! Roles can be configured such that any members automatically inherit the privileges of the role, or can be configured to force a member to explicitly change their role in order to use those privileges.


Redshift forked from Postgres somewhere around version 8. As such, roles look more like an old-school Postgres database rather than the role-based world of Postgres 9 – on Redshift, users and groups are separate entities.

  • Membership: Only a user can be a member of groups, i.e. a group cannot be a member of other groups, so you can only have a two-tiered structure.
  • Ownership: Users, rather than groups, own relations.
  • Privileges: Both users and groups can have privileges granted to them.
  • Inheritance: Users automatically inherit all privileges of any groups they are a member of.
%d bloggers like this: