PostgreSQL – PRIVILEGES
Whenever an object is created in a database, an owner is assigned to it. The owner is usually the role that executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can modify or delete the object. To allow other roles or users to use it, privileges (permissions) must be granted.
Different kinds of privileges in PostgreSQL are −
- SELECT,
- INSERT,
- UPDATE,
- DELETE,
- TRUNCATE,
- REFERENCES,
- TRIGGER,
- CREATE,
- CONNECT,
- TEMPORARY,
- EXECUTE, and
- USAGE
Which privileges apply depends on the type of the object (table, function, etc.). To assign privileges to users, the GRANT command is used.
Syntax for GRANT
Basic syntax for GRANT command is as follows −
GRANT privilege [, ...] ON object [, ...] TO { PUBLIC | GROUP group | username }
- privilege − values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.
- object − The name of an object to which to grant access. The possible objects are: table, view, sequence.
- PUBLIC − A short form representing all users.
- GROUP group − A group to whom to grant privileges.
- username − The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.
The privileges can be revoked using the REVOKE command.
Syntax for REVOKE
Basic syntax for REVOKE command is as follows −
REVOKE privilege [, ...] ON object [, ...] FROM { PUBLIC | GROUP groupname | username }
- privilege − values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.
- object − The name of an object from which to revoke access. The possible objects are: table, view, sequence.
- PUBLIC − A short form representing all users.
- GROUP groupname − A group from which to revoke privileges.
- username − The name of a user from whom to revoke privileges. PUBLIC is a short form representing all users.
Example
To understand the privileges, let us first create a USER as follows −
testdb=# CREATE USER manisha WITH PASSWORD 'password';
CREATE ROLE
The message CREATE ROLE indicates that the USER “manisha” is created.
Consider the table having records as follows −
testdb# select * from COMPANY;
 id | name  | age | address    | salary
----+-------+-----+------------+--------
  1 | Paul  |  32 | California |  20000
  2 | Allen |  25 | Texas      |  15000
  3 | Teddy |  23 | Norway     |  20000
  4 | Mark  |  25 | Rich-Mond  |  65000
  5 | David |  27 | Texas      |  85000
  6 | Kim   |  22 | South-Hall |  45000
  7 | James |  24 | Houston    |  10000
(7 rows)
Next, let us grant all privileges on a table COMPANY to the user “manisha” as follows −
testdb=# GRANT ALL ON COMPANY TO manisha;
GRANT
The message GRANT indicates that all privileges are assigned to the USER.
Next, let us revoke the privileges from the USER “manisha” as follows −
testdb=# REVOKE ALL ON COMPANY FROM manisha;
REVOKE
The message REVOKE indicates that all privileges are revoked from the USER.
You can even delete the user as follows −
testdb=# DROP USER manisha;
DROP ROLE
The message DROP ROLE indicates that the USER “manisha” is deleted from the database.
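GRANT ALL, as used above, hands a user every privilege on the table. The following is an added example (not part of the original tutorial) showing the least-privilege alternative on the same COMPANY table: privileges go to a group role, the user is made a member of it, the grant is limited to the columns a reporting job needs, and the catalog functions confirm what the user can actually see. The role name report_reader is assumed; the user manisha and the table COMPANY are the ones from the example above.

```sql
-- Added example: least-privilege grants on the page's COMPANY table.
-- Assumed: role "report_reader" (hypothetical); user "manisha" and
-- table COMPANY exist as created earlier on this page.

-- 1. A group role that carries the privilege; it cannot log in itself.
CREATE ROLE report_reader NOLOGIN;

-- 2. Grant only what a report needs: SELECT on the listed columns.
--    Column-level GRANT keeps the salary column out of reach.
GRANT SELECT (id, name, age, address) ON COMPANY TO report_reader;

-- 3. Give the login user membership in the role instead of
--    granting privileges on the table to the user directly.
GRANT report_reader TO manisha;

-- 4. Audit what manisha can do, as the server sees it.
--    Table-wide SELECT was never granted, so this checks the whole-table right.
SELECT has_table_privilege('manisha', 'company', 'SELECT') AS can_read_all_columns;

--    Column checks: name was granted, salary was not.
SELECT has_column_privilege('manisha', 'company', 'name',   'SELECT') AS can_read_name,
       has_column_privilege('manisha', 'company', 'salary', 'SELECT') AS can_read_salary;

-- 5. List every column-level grant recorded for the table.
SELECT grantee, column_name, privilege_type
FROM   information_schema.column_privileges
WHERE  table_name = 'company'
ORDER  BY grantee, column_name;

-- 6. Removing access from the role removes it from every member at once;
--    no per-user REVOKE is needed.
REVOKE SELECT (id, name, age, address) ON COMPANY FROM report_reader;
```

Run the script as the table owner or a superuser, since only those roles can grant on COMPANY. Unquoted identifiers fold to lower case, which is why the catalog functions are called with 'company'.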