PostgreSQL raises ERROR: role "<name>" does not exist with SQLSTATE 0P000 (invalid_role_specification) when a statement references a role name that cannot be found or is otherwise not a valid role in the current database cluster. This error belongs to the Invalid Role Specification error class (class 0P).
What This Error Means
SQLSTATE class 0P is a standalone class in PostgreSQL dedicated to invalid role specification. It has only one defined condition: invalid_role_specification (0P000). This tight scope means whenever you see this SQLSTATE, the problem is precisely that a role name involved in the statement is unrecognized or unusable in the requested context.
PostgreSQL manages both users and groups as a unified concept called roles (since PostgreSQL 8.1). Roles are cluster-wide objects, stored in the system catalog pg_authid and visible through the view pg_roles. When a statement like SET ROLE, GRANT, REVOKE, or ALTER ROLE names a role that does not appear in pg_authid, PostgreSQL aborts the statement and raises 0P000 before any data modification takes place.
The connection itself remains open after this error — it is a statement-level error, not a fatal connection error. If you are inside a transaction block, the transaction is marked as aborted and must be rolled back before you can execute any further commands.
Common Causes
Typographical error in the role name. Role names are case-folded to lowercase unless quoted.
SET ROLE "Admin"andSET ROLE adminrefer to different roles, andSET ROLE Adminis treated asSET ROLE admin.The role was never created or was dropped. The role simply does not exist in
pg_roles. ADROP ROLEorDROP USERby another administrator may have removed it between the time it was provisioned and when the statement runs.Using
SET ROLEto a role the current session user is not a member of. In addition to the role not existing,SET ROLErequires that the current session user (or a superuser) is a member of the target role. If membership is absent, PostgreSQL raises a different error; however, a missing role raises0P000first.Cross-database confusion. Roles are cluster-wide, but developers sometimes assume a role exists because it was created in a different cluster (e.g., a production cluster vs. a development cluster). Migrating schema without migrating roles produces this error when the SQL script references those roles in
GRANTstatements.Automated provisioning scripts that run out of order. Deployment pipelines that run
GRANT ... TO <role>before the correspondingCREATE ROLEstatement finishes will hit0P000.
How to Fix invalid_role_specification
Verify the role exists:
SELECT rolname FROM pg_roles WHERE rolname = 'the_role_name';If the query returns no rows, the role does not exist in this cluster.
List all roles to spot typos or case differences:
SELECT rolname FROM pg_roles ORDER BY rolname;Create the missing role if it should exist:
CREATE ROLE app_readonly; -- or, if login access is needed: CREATE USER app_user WITH PASSWORD 'secret';Correct the role name in your statement. Remember that unquoted identifiers are lowercased:
-- These are equivalent (both reference role "admin"): GRANT SELECT ON orders TO admin; GRANT SELECT ON orders TO Admin; -- This references a role literally named "Admin" (capital A): GRANT SELECT ON orders TO "Admin";Grant membership before calling
SET ROLE:-- Allow session_user to assume the reporting role: GRANT reporting TO session_user; -- Now SET ROLE will succeed: SET ROLE reporting;In migration scripts, guard with
DOblocks or check existence first:DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_readonly') THEN CREATE ROLE app_readonly; END IF; END $$;
Additional Information
- SQLSTATE class
0Pcontains only the single conditioninvalid_role_specification(0P000). There are no sibling conditions within this class. - Related errors you may see in role management workflows include
42704(undefined_object) when an object rather than a role is missing, and42501(insufficient_privilege) when the role exists but the current user lacks permission to use or alter it. - Most PostgreSQL client drivers (libpq, psycopg2, asyncpg, JDBC) expose this as an
OperationalErrororProgrammingErrorwith the SQLSTATE set to0P000. Check your driver's exception hierarchy to catch it specifically. - In connection pooling setups (PgBouncer, RDS Proxy),
SET ROLEis commonly used at the start of a session to switch to a lower-privileged role. A missing role here will cause every connection checkout to fail, effectively making the pool unusable for that application. - Role names in PostgreSQL are cluster-wide and are not part of any specific database. Always check
pg_roles(not database-specific catalogs) when diagnosing this error.
Frequently Asked Questions
Why does GRANT SELECT ON my_table TO my_role fail with 0P000, even though I can see the table?
The error is about the role, not the table. my_role does not exist in pg_roles. The table being accessible to your current session has no bearing on whether the role you are granting to exists. Run SELECT rolname FROM pg_roles WHERE rolname = 'my_role'; to confirm.
Does this error abort my entire transaction?
Yes. In PostgreSQL, any error within a transaction block places the transaction in an aborted state. You must issue ROLLBACK (or ROLLBACK TO SAVEPOINT if you set one) before executing any further statements. Subsequent statements will return ERROR: current transaction is aborted, commands ignored until end of transaction block until you roll back.
Is invalid_role_specification the same as "role does not exist"?
Mostly yes — it is the canonical SQLSTATE for that situation. PostgreSQL may also use it when a role name is syntactically invalid or contextually inappropriate (e.g., specifying a non-group role where a group role is expected in older compatibility modes), but the overwhelming majority of real-world occurrences are simply a missing role.
Can SET ROLE NONE or RESET ROLE trigger this error?
No. SET ROLE NONE and RESET ROLE both revert to the session's original authorization and do not look up any role name, so they cannot produce 0P000.
