GRANT

Name

GRANT  --  Grants access privileges to a user, group, or all of the users in the database.

Synopsis

GRANT privilege [, ...] ON object [, ...]
    TO { PUBLIC | GROUP group | username }
  

Parameters

privilege

This parameter takes the privilege you wish to set. Possible uses of this parameter are:

SELECT

Allow the specified user or group to access all columns in a specific table/view.

INSERT

Allow the specified user or group to insert data into all columns of a specified table.

UPDATE

Allow the specified user or group to update all columns of a specified table.

DELETE

Allow the specified user or group to delete rows from a specific table.

RULE

Allow the specified user or group to delete rules from a specified table or rule.

ALL

Grant all of the above to the specified user or group.

object

Use this parameter to specify the name of the object that you are granting a user or group access to. Possible objects are a table, view or sequence.

PUBLIC

This parameter is an easier way of referring to all users.

GROUP group

Use this parameter to specify the name of a group you wish to grant additional privileges.

username

Use this parameter to specify the username of a user to be granted additional privileges. You can use PUBLIC here to represent all users.

Results

CHANGE

This message is displayed if the your target is successfully granted additional privileges.

ERROR: ChangeAcl: class "object" not found

This error is displayed if the object you specified is either not available or it is impossible to grant privileges to the specified user/group.

Description

Use the GRANT command to setup user and group permissions for an object you are the owner of. You can set permissions for specific users and groups or set them for PUBLIC, which represents all users in the database. By default, no one but the object owner has access permissions, unless granted them by the object's owner after its creation.

To grant privileges to a only part of a table, create a view that contains the columns you wish to grant access to. To allow users access to those columns, you would allow them access to the view.

Use the backslash z (\z) command to display permission information on existing objects. For an example of this, see Example 13-1. The '. . .' denotes that data is deliberately missing from the listing to conserve space.

Example 13-1. Accessing Database Permissions

          Access permissions for database "booktown"
        Relation        |          Access permissions
------------------------+--------------------------------------
 1st_bent_rule          | 
 authors                |
 auto_identified        |  
   . . . 
 inv_totals             |
 inventory              | {"=","pma=arwR","group sales=arwR"}
 inventory_audit        | {"=","mark=arwR","group sales=arwR"} 
   . . . 

Examples

The following example grants all privileges on the employees table to the user account mark.

GRANT ALL ON employees TO mark;