GRANT SQL - Language Statements GRANT Grants access privileges to a user, a group, or all users GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] objectname [, ...] TO { username | GROUP groupname | PUBLIC } [, ...] The GRANT command gives specific permissions on an object (table, view, sequence) to a user or a group of users. The special key word PUBLIC indicates that the privileges are to be granted to all users, including those that may be created later. Users other than the creator do not have any access privileges unless the creator grants permissions, after the object is created. There is no need to grant privileges to the creator of an object, as the creator automatically holds all privileges, and can also drop the object. The possible privileges are: SELECT Allows from any column of the specified table, view, or sequence. Also allows the use of FROM. INSERT Allows of a new row into the specified table. Also allows TO. UPDATE Allows of any column of the specified table. SELECT ... FOR UPDATE also requires this privilege (besides the SELECT privilege). For sequences, this privilege allows the use of currval and nextval. DELETE Allows the of a row from the specified table. RULE Allows the creation of a rule on the table/view. (See statement). REFERENCES To create of a table with a foreign key constraint, it is necessary to have this privilege on the table with the primary key. TRIGGER Allows the creation of a trigger on the specified table. (See statement). ALL PRIVILEGES Grant all of the above privileges at once. The PRIVILEGES key word is optional, but it is required by strict SQL. The privileges required by other commands are listed on the reference page of the respective command. Currently, to grant privileges in Postgres to only a few columns, you must create a view having the desired columns and then grant privileges to that view. Use 's \z command to obtain information about privileges on existing objects: Database = lusitania +------------------+---------------------------------------------+ | Relation | Grant/Revoke Permissions | +------------------+---------------------------------------------+ | mytable | {"=rw","miriam=arwdRxt","group todos=rw"} | +------------------+---------------------------------------------+ Legend: uname=arwR -- privileges granted to a user group gname=arwR -- privileges granted to a group =arwR -- privileges granted to PUBLIC r -- SELECT ("read") w -- UPDATE ("write") a -- INSERT ("append") d -- DELETE R -- RULE x -- REFERENCES t -- TRIGGER arwdRxt -- ALL PRIVILEGES The command is used to revoke access privileges. Grant insert privilege to all users on table films: GRANT INSERT ON films TO PUBLIC; Grant all privileges to user manuel on view kinds: GRANT ALL PRIVILEGES ON kinds TO manuel; The PRIVILEGES key word in ALL PRIVILEGES is required. SQL does not support setting the privileges on more than one table per command. The SQL92 syntax for GRANT allows setting privileges for individual columns within a table, and allows setting a privilege to grant the same privileges to others: GRANT privilege [, ...] ON object [ ( column [, ...] ) ] [, ...] TO { PUBLIC | username [, ...] } [ WITH GRANT OPTION ] SQL allows to grant the USAGE privilege on other kinds of objects: CHARACTER SET, COLLATION, TRANSLATION, DOMAIN. The TRIGGER privilege was introduced in SQL99. The RULE privilege is a PostgreSQL extension.