PostgreSQL – PRIVILEGES

Whenever an object is created in a database, an owner is assigned to it. The owner is usually the one who executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can modify or delete the object. To allow other roles or users to use it, privileges or permission must be granted.

Different kinds of privileges in PostgreSQL are βˆ’

  • SELECT,
  • INSERT,
  • UPDATE,
  • DELETE,
  • TRUNCATE,
  • REFERENCES,
  • TRIGGER,
  • CREATE,
  • CONNECT,
  • TEMPORARY,
  • EXECUTE, and
  • USAGE

Depending on the type of the object (table, function, etc.,), privileges are applied to the object. To assign privileges to the users, the GRANT command is used.

Syntax for GRANT

Basic syntax for GRANT command is as follows βˆ’

GRANT privilege [, ...]
ON object [, ...]
TO { PUBLIC | GROUP group | username }
  • privilege βˆ’ values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.
  • object βˆ’ The name of an object to which to grant access. The possible objects are: table, view, sequence
  • PUBLIC βˆ’ A short form representing all users.
  • GROUP group βˆ’ A group to whom to grant privileges.
  • username βˆ’ The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.

The privileges can be revoked using the REVOKE command.

Syntax for REVOKE

Basic syntax for REVOKE command is as follows βˆ’

REVOKE privilege [, ...]
ON object [, ...]
FROM { PUBLIC | GROUP groupname | username }
  • privilege βˆ’ values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.
  • object βˆ’ The name of an object to which to grant access. The possible objects are: table, view, sequence
  • PUBLIC βˆ’ A short form representing all users.
  • GROUP group βˆ’ A group to whom to grant privileges.
  • username βˆ’ The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.

Example

To understand the privileges, let us first create a USER as follows βˆ’

testdb=# CREATE USER manisha WITH PASSWORD 'password';
CREATE ROLE

The message CREATE ROLE indicates that the USER “manisha” is created.

Consider the table COMPANY having records as follows βˆ’

testdb# select * from COMPANY;
 id | name  | age | address   | salary
----+-------+-----+-----------+--------
  1 | Paul  |  32 | California|  20000
  2 | Allen |  25 | Texas     |  15000
  3 | Teddy |  23 | Norway    |  20000
  4 | Mark  |  25 | Rich-Mond |  65000
  5 | David |  27 | Texas     |  85000
  6 | Kim   |  22 | South-Hall|  45000
  7 | James |  24 | Houston   |  10000
(7 rows)

Next, let us grant all privileges on a table COMPANY to the user “manisha” as follows βˆ’

testdb=# GRANT ALL ON COMPANY TO manisha;
GRANT

The message GRANT indicates that all privileges are assigned to the USER.

Next, let us revoke the privileges from the USER “manisha” as follows βˆ’

testdb=# REVOKE ALL ON COMPANY FROM manisha;
REVOKE

The message REVOKE indicates that all privileges are revoked from the USER.

You can even delete the user as follows βˆ’

testdb=# DROP USER manisha;
DROP ROLE

The message DROP ROLE indicates USER β€˜Manisha’ is deleted from the database.

Leave a Reply