Sling Academy
Home/PostgreSQL/How to grant privileges to a user in PostgreSQL

How to grant privileges to a user in PostgreSQL

Last updated: January 05, 2024

Table of Contents

  1. PostgreSQL Privileges: Quick Overview
  2. Creating a User(Role)
  3. Granting Basic Privileges
  4. Database-Wide Privileges
  5. Granting Advanced Privileges
  6. Granting All Privileges
  7. Granting Role Membership
  8. Revoking Privileges
  9. Conclusion

PostgreSQL Privileges: Quick Overview

PostgreSQL provides a robust permissions system that allows fine-grained control over who can access and manipulate data. By understanding how to assign privileges, administrators can protect data integrity and adhere to the principles of least privilege. This guide will outline steps to grant various types of privileges to users in PostgreSQL, complete with practical examples.

Before diving into the specifics of granting privileges in PostgreSQL, it’s essential to understand the basics of the PostgreSQL role-based access control. Roles are akin to users and can own database objects or privileges. Privileges define what operations a role can perform within the database.

Creating a User(Role)

The first step before granting privileges is ensuring that the user (role) exists within your PostgreSQL instance. Consider the following code for creating a new user with login capabilities:

CREATE ROLE your_user_name WITH LOGIN PASSWORD 'your_password';

Granting Basic Privileges

Privileges in PostgreSQL encompass numerous actions, from basic read (SELECT) to more complex operations such as creating databases. Let’s start with the basic command to grant SELECT privilege on a table to a user.

GRANT SELECT ON your_table TO your_user_name;

You can use a similar structure to grant INSERT, UPDATE, or DELETE privileges:

GRANT INSERT, UPDATE, DELETE ON your_table TO your_user_name;

Database-Wide Privileges

Attributing privileges on the database level allows users to perform tasks such as connecting to the database or creating objects within it:

GRANT CONNECT ON DATABASE your_database TO your_user_name;
GRANT CREATE ON DATABASE your_database TO your_user_name;

Granting Advanced Privileges

For thorough control, PostgreSQL permits administrators to grant usage privileges on sequences and schemas or specify column-level privileges. Here’s how you can allow a user to use a sequence:

GRANT USAGE, SELECT ON SEQUENCE your_sequence_name TO your_user_name;

And to permit access to a schema:

GRANT USAGE ON SCHEMA your_schema_name TO your_user_name;

To grant privileges on specific columns of a table:

GRANT SELECT (column1, column2), UPDATE (column1) ON your_table TO your_user_name;

Granting All Privileges

There might be situations where you want to grant all privileges on a table or database to a role. Here’s how it’s done:

GRANT ALL PRIVILEGES ON your_table TO your_user_name;
GRANT ALL PRIVILEGES ON DATABASE your_database TO your_user_name;

Granting Role Membership

Roles can belong to other roles – this grouping mechanism is akin to groups. Here is how you can add a role to a group role:

GRANT your_group_role TO your_user_name;

Revoking Privileges

It’s important to know how to remove privileges granted accidentally or no longer needed:

REVOKE SELECT ON your_table FROM your_user_name;

This can be extended to revoke multiple privileges or even revoke all privileges as shown:

REVOKE INSERT, DELETE ON your_table FROM your_user_name;
REVOKE ALL PRIVILEGES ON your_table FROM your_user_name;

Conclusion

In this tutorial, we’ve explored the process of granting privileges to users in PostgreSQL, ranging from individual table access to whole database permissions, and even touched on privilege revocation. With these skills, you can establish secure and efficient role-based access in PostgreSQL systems, allowing for a secure and properly managed database environment.

Next Article: PostgreSQL: Using SELECT INTO to create a new table from an existing table

Previous Article: 3 Ways to See Error Logs in PostgreSQL

Series: PostgreSQL Tutorials: From Basic to Advanced

PostgreSQL

You May Also Like

  • PostgreSQL with TimescaleDB: Querying Time-Series Data with SQL
  • PostgreSQL Full-Text Search with Boolean Operators
  • Filtering Stop Words in PostgreSQL Full-Text Search
  • PostgreSQL command-line cheat sheet
  • How to Perform Efficient Rolling Aggregations with TimescaleDB
  • PostgreSQL with TimescaleDB: Migrating from Traditional Relational Models
  • Best Practices for Maintaining PostgreSQL and TimescaleDB Databases
  • PostgreSQL with TimescaleDB: Building a High-Performance Analytics Engine
  • Integrating PostgreSQL and TimescaleDB with Machine Learning Models
  • PostgreSQL with TimescaleDB: Implementing Temporal Data Analysis
  • Combining PostgreSQL, TimescaleDB, and Airflow for Data Workflows
  • PostgreSQL with TimescaleDB: Visualizing Real-Time Data with Superset
  • Using PostgreSQL with TimescaleDB for Energy Consumption Analysis
  • PostgreSQL with TimescaleDB: How to Query Massive Datasets Efficiently
  • Best Practices for Writing Time-Series Queries in PostgreSQL with TimescaleDB
  • PostgreSQL with TimescaleDB: Implementing Batch Data Processing
  • Using PostgreSQL with TimescaleDB for Network Traffic Analysis
  • PostgreSQL with TimescaleDB: Troubleshooting Common Performance Issues
  • Building an IoT Data Pipeline with PostgreSQL and TimescaleDB