Amazon Redshift will no longer support the creation of new Python UDFs starting Patch 198. Existing Python UDFs will continue to function until June 30, 2026. For more information, see the [ blog post ](https://aws.amazon.com/blogs/big-data/amazon-redshift-python-user-defined-functions-will-reach-end-of-support-after-june-30-2026/).
# Groups
Groups are collections of users who are all granted whatever permissions are associated with the group. You can use groups to assign permissions. For example, you can create different groups for sales, administration, and support and give the users in each group the appropriate access to the data they need for their work. You can grant or revoke permissions at the group level, and those changes will apply to all members of the group, except for superusers.
To view all user groups, query the PG\$1GROUP system catalog table:
```
select * from pg_group;
```
For example, to list all database users by group, run the following SQL.
```
SELECT u.usesysid
,g.groname
,u.usename
FROM pg_user u
LEFT JOIN pg_group g ON u.usesysid = ANY (g.grolist)
```
# Creating, altering, and deleting groups
Only a superuser can create, alter, or drop groups.
You can perform the following actions:
+ To create a group, use the [CREATE GROUP](r_CREATE_GROUP.md) command.
+ To add users to or remove users from an existing group, use the [ALTER GROUP](r_ALTER_GROUP.md) command.
+ To delete a group, use the [DROP GROUP](r_DROP_GROUP.md) command. This command only drops the group, not its member users.
# Example for controlling user and group access
This example creates user groups and users and then grants them various permissions for an Amazon Redshift database that connects to a web application client. This example assumes three groups of users: regular users of a web application, power users of a web application, and web developers.
For information about how to remove a user from a group, see [ALTER GROUP](r_ALTER_GROUP.md).
1. Create the groups where the users will be assigned. The following set of commands creates three different user groups:
```
create group webappusers;
create group webpowerusers;
create group webdevusers;
```
1. Create several database users with different permissions and add them to the groups.
1. Create two users and add them to the WEBAPPUSERS group:
```
create user webappuser1 password 'webAppuser1pass'
in group webappusers;
create user webappuser2 password 'webAppuser2pass'
in group webappusers;
```
1. Create a web developer user and add it to the WEBDEVUSERS group:
```
create user webdevuser1 password 'webDevuser2pass'
in group webdevusers;
```
1. Create a superuser. This user will have administrative rights to create other users:
```
create user webappadmin password 'webAppadminpass1'
createuser;
```
1. Create a schema to be associated with the database tables used by the web application, and grant the various user groups access to this schema:
1. Create the WEBAPP schema:
```
create schema webapp;
```
1. Grant USAGE permissions to the WEBAPPUSERS group:
```
grant usage on schema webapp to group webappusers;
```
1. Grant USAGE permissions to the WEBPOWERUSERS group:
```
grant usage on schema webapp to group webpowerusers;
```
1. Grant ALL permissions to the WEBDEVUSERS group:
```
grant all on schema webapp to group webdevusers;
```
The basic users and groups are now set up. You can now alter the users and groups.
1. For example, the following command alters the search\$1path parameter for the WEBAPPUSER1.
```
alter user webappuser1 set search_path to webapp, public;
```
The SEARCH\$1PATH specifies the schema search order for database objects, such as tables and functions, when the object is referenced by a simple name with no schema specified.
1. You can also add users to a group after creating the group, such as adding WEBAPPUSER2 to the WEBPOWERUSERS group:
```
alter group webpowerusers add user webappuser2;
```