GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
ON [ TABLE ] objectname [, ...]
TO { username | GROUP groupname | PUBLIC } [, ...]
The GRANT command gives specific permissions on an object (table, view, sequence) to one or more users or groups of users. These permissions are added to those already granted, if any.
The key word PUBLIC indicates that the privileges are to be granted to all users, including those that may be created later. PUBLIC may be thought of as an implicitly defined group that always includes all users. Note that any particular user will have the sum of privileges granted directly to him, privileges granted to any group he is presently a member of, and privileges granted to PUBLIC.
Users other than the creator of an object do not have any access privileges to the object unless the creator grants permissions. There is no need to grant privileges to the creator of an object, as the creator automatically holds all privileges. (The creator could, however, choose to revoke some of his own privileges for safety. Note that the ability to grant and revoke privileges is inherent in the creator and cannot be lost. The right to drop the object is likewise inherent in the creator, and cannot be granted or revoked.)
The possible privileges are:
Allows SELECT from any column of the specified table, view, or sequence. Also allows the use of COPY FROM.
Allows INSERT of a new row into the specified table. Also allows COPY TO.
Allows UPDATE
of any column of the specified table. SELECT ... FOR UPDATE also requires this
privilege (besides the SELECT
privilege). For sequences, this privilege allows the use of
nextval, currval and setval.
Allows