It is frequently convenient to group users together to ease management of privileges: that way, privileges can be granted to, or revoked from, a group as a whole. In PostgreSQL this is done by creating a role that represents the group, and then granting membership in the group role to individual user roles.
To set up a group role, first create the role:
CREATE ROLE name;
   Typically a role being used as a group would not have the LOGIN
   attribute, though you can set it if you wish.
  
   Once the group role exists, you can add and remove members using the
   GRANT and
   REVOKE commands:
GRANTgroup_roleTOrole1, ... ; REVOKEgroup_roleFROMrole1, ... ;
   You can grant membership to other group roles, too (since there isn't
   really any distinction between group roles and non-group roles).  The
   database will not let you set up circular membership loops.  Also,
   it is not permitted to grant membership in a role to
   PUBLIC.
  
   The members of a group role can use the privileges of the role in two
   ways.  First, member roles that have been granted membership with the
   SET option can do
   SET ROLE to
   temporarily “become” the group role.  In this state, the
   database session has access to the privileges of the group role rather
   than the original login role, and any database objects created are
   considered owned by the group role not the login role.  Second, member
   roles that have been granted membership with the
   INHERIT option automatically have use of the
   privileges of those directly or indirectly a member of, though the
   chain stops at memberships lacking the inherit option.  As an example,
   suppose we have done:
CREATE ROLE joe LOGIN; CREATE ROLE admin; CREATE ROLE wheel; CREATE ROLE island; GRANT admin TO joe WITH INHERIT TRUE; GRANT wheel TO admin WITH INHERIT FALSE; GRANT island TO joe WITH INHERIT TRUE, SET FALSE;
   Immediately after connecting as role joe, a database
   session will have use of privileges granted directly to joe
   plus any privileges granted to admin and
   island, because joe
   “inherits” those privileges.  However, privileges
   granted to wheel are not available, because even though
   joe is indirectly a member of wheel, the
   membership is via admin which was granted using
   WITH INHERIT FALSE. After:
SET ROLE admin;
   the session would have use of only those privileges granted to
   admin, and not those granted to joe or
   island.  After:
SET ROLE wheel;
   the session would have use of only those privileges granted to
   wheel, and not those granted to either joe
   or admin.  The original privilege state can be restored
   with any of:
SET ROLE joe; SET ROLE NONE; RESET ROLE;
    The SET ROLE command always allows selecting any role
    that the original login role is directly or indirectly a member of,
    provided that there is a chain of membership grants each of which has
    SET TRUE (which is the default).
    Thus, in the above example, it is not necessary to become
    admin before becoming wheel.
    On the other hand, it is not possible to become island
    at all; joe can only access those privileges via
    inheritance.
   
    In the SQL standard, there is a clear distinction between users and roles,
    and users do not automatically inherit privileges while roles do.  This
    behavior can be obtained in PostgreSQL by giving
    roles being used as SQL roles the INHERIT attribute, while
    giving roles being used as SQL users the NOINHERIT attribute.
    However, PostgreSQL defaults to giving all roles
    the INHERIT attribute, for backward compatibility with pre-8.1
    releases in which users always had use of permissions granted to groups
    they were members of.
   
   The role attributes LOGIN, SUPERUSER,
   CREATEDB, and CREATEROLE can be thought of as
   special privileges, but they are never inherited as ordinary privileges
   on database objects are.  You must actually SET ROLE to a
   specific role having one of these attributes in order to make use of
   the attribute.  Continuing the above example, we might choose to
   grant CREATEDB and CREATEROLE to the
   admin role.  Then a session connecting as role joe
   would not have these privileges immediately, only after doing
   SET ROLE admin.
  
   To destroy a group role, use DROP ROLE:
DROP ROLE name;
Any memberships in the group role are automatically revoked (but the member roles are not otherwise affected).