GRANT privilege [, ...] ON object [, ...] TO { PUBLIC | GROUP group | username } |
The possible privileges are:
Access all of the columns of a specific table/view.
Insert data into all columns of a specific table.
Update all columns of a specific table.
Delete rows from a specific table.
Define rules on the table/view.
Grant all privileges.
The name of an object to which to grant access. The possible objects are table, view, and sequence.
A short form representing all users.
A group to whom to grant privileges.
The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.
GRANT allows the creator of an object to give specific permissions to all users (PUBLIC) or to a certain user or group. Users other than the creator do not have any access permission unless the creator GRANTs permissions, after the object is created.
Once a user has a privilege on an object, the user may exercise that privilege. There is no need to GRANT privileges to the creator of an object, the creator automatically holds ALL privileges, and can also drop the object.
Grant insert privilege to all users on table films:
GRANT INSERT ON films TO PUBLIC; |
Grant all privileges to user manuel on view kinds:
GRANT ALL ON kinds TO manuel; |
The SQL92 syntax for GRANT allows setting privileges for individual columns within a table, and allows setting a privilege to grant the same privileges to others:
GRANT privilege [, ...] ON object [ ( column [, ...] ) ] [, ...] TO { PUBLIC | username [, ...] } [ WITH GRANT OPTION ] |
Fields are compatible with those in the PostgreSQL implementation, with the following additions:
SQL92 permits additional privileges to be specified:
Access all columns of a specified table/view.
Allowed to reference some or all of the columns of a specific table/view in integrity constraints.
Allowed to use a domain, character set, collation or translation. If an object specifies anything other than a table/view, privilege must specify only USAGE.
SQL92 allows the additional non-functional keyword TABLE.
Allowed to use the specified character set.
Allowed to use the specified collation sequence.
Allowed to use the specified character set translation.
Allowed to use the specified domain.
Allowed to grant the same privilege to others.