Contents /
Previous /
Next
Privileges (Permissions): GRAND and REVOKE
There are several different privileges a user may have for a table:
- SELECT (read)
- INSERT (append)
- UPDATE (write)
- DELETE
- RULE
- REFERENCES (foreign key)
- TRIGGER
The right to modify or destroy an object is always the privilege of
the owner only.
To assign privileges, the GRANT command is used.
Example (joe is an existing user, and accounts is an existing table):
<![CDATA[
GRANT UPDATE ON accounts TO joe;
]]>
The user executing this command must be the owner of the table.
To grant a privilege to a group, use:
<![CDATA[
GRANT SELECT ON accounts TO GROUP staff;
]]>
The special "user" name PUBLIC can be used to grant a privilege to
every user on the system.
Writing ALL in place of a specific privilege
specifies that all privileges will be granted.
REVOKE privileges with:
<![CDATA[
REVOKE ALL ON accounts FROM PUBLIC;
]]>
The special privileges of the table owner (i.e., the right to do DROP,
GRANT, REVOKE, etc)
are always implicit in being the owner, and cannot
be granted or revoked.