diff --git a/knowledge base/cloud computing/aws/rds.md b/knowledge base/cloud computing/aws/rds.md
index dd6d5df..e0a03f9 100644
--- a/knowledge base/cloud computing/aws/rds.md
+++ b/knowledge base/cloud computing/aws/rds.md
@@ -1,6 +1,8 @@
# Amazon Relational Database Service
1. [TL;DR](#tldr)
+1. [Engine](#engine)
+ 1. [PostgreSQL](#postgresql)
1. [Storage](#storage)
1. [Parameter Groups](#parameter-groups)
1. [Option Groups](#option-groups)
@@ -11,11 +13,10 @@
1. [Restore](#restore)
1. [Encryption](#encryption)
1. [Operations](#operations)
- 1. [PostgreSQL](#postgresql)
- 1. [Reduce allocated storage by migrating using transportable databases](#reduce-allocated-storage-by-migrating-using-transportable-databases)
+ 1. [PostgreSQL: reduce allocated storage by migrating using transportable databases](#postgresql-reduce-allocated-storage-by-migrating-using-transportable-databases)
1. [Troubleshooting](#troubleshooting)
- 1. [ERROR: extension must be loaded via shared\_preload\_libraries](#error-extension-must-be-loaded-via-shared_preload_libraries)
- 1. [ERROR: must be superuser to alter superuser roles or change superuser attribute](#error-must-be-superuser-to-alter-superuser-roles-or-change-superuser-attribute)
+ 1. [ERROR: extension must be loaded via shared\_preload\_libraries](#error-extension-must-be-loaded-via-shared_preload_libraries)
+ 1. [ERROR: must be superuser to alter _X_ roles or change _X_ attribute](#error-must-be-superuser-to-alter-x-roles-or-change-x-attribute)
1. [Further readings](#further-readings)
1. [Sources](#sources)
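Review bot: the renamed headings in this table of contents change their anchors (`#postgresql-reduce-allocated-storage-by-migrating-using-transportable-databases`, `#error-must-be-superuser-to-alter-x-roles-or-change-x-attribute`), and `#postgresql` now resolves to the new Engine subsection instead of the one under Operations. Links from other knowledge base pages to the old anchors will break or silently land in the wrong place, so grep the repository for the old anchors before merging.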
@@ -83,6 +84,12 @@ One can choose any of the following retention periods for instances' Performance
- _n_ months, where n is a number from 1 to 24.
In CLI and IaC, this number must be _n*31_.
+## Engine
+
+### PostgreSQL
+
+Refer [Understanding PostgreSQL roles and permissions].
+
## Storage
Refer [Amazon RDS DB instance storage].
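Review bot: the new `### PostgreSQL` section under `## Engine` contains only `Refer [Understanding PostgreSQL roles and permissions].`, which gives the reader no hint of why the link matters for RDS. Add a sentence with the takeaway, and point to the "must be superuser" troubleshooting entry, so the section is useful without following the link.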
@@ -365,9 +372,7 @@ latest available backup.
## Operations
-### PostgreSQL
-
-#### Reduce allocated storage by migrating using transportable databases
+### PostgreSQL: reduce allocated storage by migrating using transportable databases
Refer [Migrating databases using RDS PostgreSQL Transportable Databases],
[Transporting PostgreSQL databases between DB instances] and
@@ -632,7 +637,7 @@ Refer [How can I resolve the "ERROR: must be loaded via share
1. Reboot the instance to apply the change.
1. Try reloading it again.
-### ERROR: must be superuser to alter superuser roles or change superuser attribute
+### ERROR: must be superuser to alter _X_ roles or change _X_ attribute
Error message examples:
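Review bot: replacing `superuser` with `_X_` in the heading removes the literal error text from it, so a reader searching the page for the message they received will only find this entry through the list under "Error message examples:". Check that the list carries the original `superuser` wording as well as each other variant that motivated the generalization.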
@@ -647,6 +652,7 @@ Actions involving altering protected roles or changing protected attributes are
- [Working with DB instance read replicas]
- [Working with parameter groups]
- [How can I resolve the "ERROR: must be loaded via shared_preload_libraries" error?]
+- [Understanding PostgreSQL roles and permissions]
### Sources
@@ -689,6 +695,7 @@ Actions involving altering protected roles or changing protected attributes are
[restoring from a db snapshot]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html
[transport postgresql databases between two amazon rds db instances using pg_transport]: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/transport-postgresql-databases-between-two-amazon-rds-db-instances-using-pg_transport.html
[transporting postgresql databases between db instances]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.TransportableDB.html
+[understanding postgresql roles and permissions]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.html
[what is aws database migration service?]: https://docs.aws.amazon.com/dms/latest/userguide/Welcome.html
[working with db instance read replicas]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
[working with parameter groups]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html
diff --git a/knowledge base/postgresql.md b/knowledge base/postgresql.md
index 261eb80..363c1eb 100644
--- a/knowledge base/postgresql.md
+++ b/knowledge base/postgresql.md
@@ -17,6 +17,12 @@ postgres.lan:5643:postgres:postgres:BananaORama
The credential file's permissions must be `0600`, or it will be ignored.
+Database roles represent both users and groups.
+Roles are **distinct** from the OS' users and groups, and are global across the whole installation (there are **no**
+DB-specific roles).
+
+Extensions in PostgreSQL are managed per database.
+
```sh
# Installation.
brew install 'postgresql@14'
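Review bot: the added paragraph sits directly under the credential file permissions note and above the installation block, so it reads as part of the password file discussion; it would fit better under its own heading or next to the role commands. Since it says roles are global while extensions are per database, also state that privileges on a database and its objects still have to be granted per database, otherwise "no DB-specific roles" can be read as "same access everywhere".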
diff --git a/snippets/postgresql.sql b/snippets/postgresql.sql
index e18a0b4..90f81bd 100644
--- a/snippets/postgresql.sql
+++ b/snippets/postgresql.sql
@@ -60,6 +60,11 @@ DROP SCHEMA IF EXISTS mundane CASCADE;
\dt+
+-- Revoke *default* privileges
+ALTER DEFAULT PRIVILEGES IN SCHEMA cache REVOKE select ON TABLES FROM sales;
+ALTER DEFAULT PRIVILEGES FOR ROLE juan IN SCHEMA cache REVOKE all ON TABLES FROM sales;
+
+
-- List users with respective roles
\du
\du+
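Review bot: the first `ALTER DEFAULT PRIVILEGES` line has no `FOR ROLE`, so it only changes the defaults for objects later created by the role running it, while the second one targets objects created by `juan`; the single comment `-- Revoke *default* privileges` hides that difference. Comment each line separately, and note that neither statement touches tables that already exist in `cache`, which need a plain `REVOKE ... ON ALL TABLES IN SCHEMA cache FROM sales`. The second blank line added after the block is not needed.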
@@ -83,10 +88,14 @@ CREATE USER mike;
ALTER USER joel WITH SUPERUSER;
-- Revoke SuperUser permissions
ALTER USER joel WITH NOSUPERUSER;
--- Allow users to create databases
+-- Grant privileges to users
ALTER USER mark CREATEDB;
+ALTER ROLE miriam CREATEROLE CREATEDB;
-- Change passwords
ALTER USER jonathan WITH PASSWORD 'seagull5-pantomime-Resting';
+ALTER ROLE samantha WITH PASSWORD 'Wing5+Trunks3+Relic2' VALID UNTIL 'August 4 12:00:00 2024 +1';
+-- Change password's validity
+ALTER ROLE fred VALID UNTIL 'infinity';
-- Close the connection to the current DB
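Review bot: the comment `-- Grant privileges to users` now labels `CREATEDB` and `CREATEROLE`, which are role attributes rather than privileges handed out with `GRANT`; `CREATEROLE` lets `miriam` create and manage other roles, so it deserves its own comment. On the password lines, `ALTER ROLE ... WITH PASSWORD '...'` carries the clear-text password in the statement, where it can end up in psql history and server logs, so mention psql's `\password` as the alternative. The `VALID UNTIL 'August 4 12:00:00 2024 +1'` literal would be less ambiguous as an ISO 8601 timestamp, and the `'infinity'` line would be clearer if its comment said it removes the expiry.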