eslint-plugin-postgresql
All rules

Security

postgresql/no-create-role

Disallow `CREATE ROLE` / `CREATE USER` in versioned SQL.

  • Type suggestion
  • Recommended warn
  • Fixable no

Why this matters

Roles and credentials belong in an operator-managed bootstrap, not in application migrations that run automatically. Granting privileges to existing roles from a migration is fine.

Examples

Incorrect

Incorrect 
CREATE ROLE app_writer LOGIN PASSWORD 'redacted';

Correct

Correct 
GRANT SELECT ON users TO app_reader;

Configure it

// eslint.config.js
import postgresql from "eslint-plugin-postgresql";

export default [
  {
    files: ["**/*.sql"],
    languageOptions: {
      parser: postgresql.configs.recommended.languageOptions.parser,
    },
    plugins: { postgresql },
    rules: {
      "postgresql/no-create-role": "warn",
    },
  },
];

Options

This rule has no options.

Try this rule

Edit the SQL — only no-create-role is enabled.

Pre-filled with the first incorrect example. Toggle off in the rule shelf to see how the diagnostic disappears.

0 errors 0 warnings parse 0ms · rules 0ms
Diagnostics

No issues found.

2 rules enabled.

Rule under test no-create-role — plus no-syntax-error as a safety net.
eslint-plugin-postgresql

An ESLint plugin that lints .sql files with real PostgreSQL grammar and a curated set of best-practice rules.

Project
Resources
© 2026 eslint-plugin-postgresql contributors Built on libpg-query · PostgreSQL 17