Introduction
Managing permissions is a crucial aspect of database administration. In PostgreSQL, the GRANT and REVOKE commands are used to control access to database objects. This tutorial will walk you through the process of granting and revoking permissions with practical examples.
Understanding User Roles
In PostgreSQL, permissions are assigned to roles. A role can be a user or a group, and can own database objects and have database privileges. Before you can grant or revoke permissions, you must understand the roles present in your system.
\du
The above command, when executed in the psql client, will display a list of current roles and their attributes.
Granting Basic Permissions
To grant permissions to a user, you use the GRANT command. For example, to give a user the ability to SELECT from a table:
GRANT SELECT ON table_name TO user_name;
This command gives user_name the permission to perform SELECT queries on table_name.
Granting All Privileges on a Table
You can give a user all permissions on a table using the following command:
GRANT ALL PRIVILEGES ON table_name TO user_name;
This allows for a full control over the given table to the user_name.
Granting Permissions on All Tables in a Schema
To apply permissions to all tables within a schema, you can use:
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user_name;
Replace ‘public’ with your schema name and ‘user_name’ with the appropriate user role.
Using the WITH GRANT OPTION
The WITH GRANT OPTION allows a user to grant permissions to other roles:
GRANT SELECT ON table_name TO user_name WITH GRANT OPTION;
This means user_name can now permit others to use SELECT on table_name.
Revoking Permissions
To take back permissions, use the REVOKE command:
REVOKE SELECT ON table_name FROM user_name;
This revokes the SELECT permission from user_name on table_name.
Revoking All Privileges
To revoke all privileges from a role, the following syntax is used:
REVOKE ALL PRIVILEGES ON table_name FROM user_name;
This will remove every right from user_name on table_name.
Managing Schemas Permissions
You might also need to grant or revoke access to a schema. To grant usage on a schema:
GRANT USAGE ON SCHEMA schema_name TO user_name;
Revoke it similarly:
REVOKE USAGE ON SCHEMA schema_name FROM user_name;
Assigning permissions for creating objects in a schema:
GRANT CREATE ON SCHEMA schema_name TO user_name;
Advanced Permission Settings
When managing databases with multiple users and groups, you may need to set more specific permissions:
To give a role permission to alter and drop a specific table:
GRANT ALTER, DROP ON table_name TO user_name;
To cascade revoking privileges when the role that has given those privileges is removed:
REVOKE SELECT ON table_name FROM user_name CASCADE;
However, use CASCADE with caution as it can revoke privileges from multiple roles if they were granted those privileges by user_name.
Conclusion
In this tutorial, we explored how to handle permissions in PostgreSQL using the GRANT and REVOKE statements. Understanding and properly administering these permissions is vital for database security and functionality. Always test permission changes in a non-production environment before implementing in production to avoid unexpected access issues.
