GRANT Privileges in PostgreSQL | Grant Permissions to Roles & Tables
Learn how to use PostgreSQL GRANT to give SELECT, INSERT, UPDATE, DELETE and CONNECT privileges to roles. Includes syntax, common privileges, and practical examples.
๐ What is GRANT in PostgreSQL?
In PostgreSQL, the GRANT command is used to give permissions (privileges) to users (roles) on database objects like tables, schemas, or databases.
๐ In simple words: GRANT = Give access to someone
๐ฏ Why do we use GRANT?
We use GRANT to:
- ๐ Control who can access what
-
๐จโ๐ป Allow users to perform actions like:
SELECT(read data)INSERT(add data)UPDATE(modify data)DELETE(remove data)
- ๐ก๏ธ Improve database security
- ๐งโ๐คโ๐ง Support multi-user environments
๐งพ Basic Syntax
GRANT privilege(s)
ON object_name
TO role_name;
๐งฉ Common Privileges
| Privilege | Meaning |
|---|---|
| SELECT | Read data |
| INSERT | Add new rows |
| UPDATE | Modify existing data |
| DELETE | Remove rows |
| ALL | All privileges |
โ Example
Step 1: Create a user (role)
CREATE ROLE trainee WITH LOGIN PASSWORD '1234';
Step 2: Grant access to a table
GRANT SELECT ON customer TO trainee;
๐ Now trainee can only view data from customer table.
๐ Multiple Privileges Example
GRANT SELECT, INSERT, UPDATE
ON customer
TO trainee;
๐ Now user can:
- Read
- Add
- Modify data
๐ Grant on Entire Database
GRANT CONNECT ON DATABASE dvdrental TO trainee;
๐ Allows user to connect to the dvdrental database.
๐ง Important Notes
- You must be owner or superuser to grant permissions.
- Permissions can be revoked using
REVOKE. - Roles can be users or groups.
๐งช Practical Lab Exercise (Beginner Friendly)
๐ฏ Objective:
Learn how to control access using GRANT.
๐น Task 1: Create a Role
CREATE ROLE student1 WITH LOGIN PASSWORD 'pass123';
๐น Task 2: Grant Database Access
GRANT CONNECT ON DATABASE dvdrental TO student1;
๐น Task 3: Grant Read Access
GRANT SELECT ON film TO student1;
๐ Test: Login as student1 and run:
SELECT * FROM film;
๐น Task 4: Try Restricted Action
INSERT INTO film(title) VALUES ('Test Movie');
โ This should fail (no INSERT permission)
๐น Task 5: Grant INSERT Permission
GRANT INSERT ON film TO student1;
๐ Try INSERT again โ โ Should work
๐น Task 6: Grant All Permissions
GRANT ALL ON film TO student1;
๐น Challenge Task ๐ก
- Create another role
viewer - Allow only SELECT on
actortable - Block all other operations
๐งพ Summary
GRANT= Give permission- Used for security & access control
- Works on tables, databases, schemas
- Helps manage multiple users safely
Below is a complete step-by-step real-world university system scenario showing:
โ Database creation โ Table design โ Role creation โ GRANT usage (security layer) โ Testing access like a real system
Using PostgreSQL
๐ University System with GRANT (Step-by-Step Lab)
๐ Goal
We will build a small University Database System where:
- Students can only view data
- Teachers can manage marks
- Admin controls everything using GRANT
ERD Diagram for University Database System
๐งฑ STEP 1: Create Database
CREATE DATABASE university_db;
๐ Now connect to database:
\c university_db
๐๏ธ STEP 2: Create Main Tables
๐ 2.1 Students Table
CREATE TABLE students (
student_id SERIAL PRIMARY KEY,
name VARCHAR(100),
department VARCHAR(50),
email VARCHAR(100)
);
๐ 2.2 Courses Table
CREATE TABLE courses (
course_id SERIAL PRIMARY KEY,
course_name VARCHAR(100),
credit_hours INT
);
๐ 2.3 Enrollments Table
CREATE TABLE enrollments (
enroll_id SERIAL PRIMARY KEY,
student_id INT REFERENCES students(student_id),
course_id INT REFERENCES courses(course_id)
);
๐ 2.4 Marks Table
CREATE TABLE marks (
mark_id SERIAL PRIMARY KEY,
student_id INT REFERENCES students(student_id),
course_id INT REFERENCES courses(course_id),
marks INT
);
๐ฅ STEP 3: Create Roles (Users)
๐ Student Role
CREATE ROLE student WITH LOGIN PASSWORD '123';
๐จโ๐ซ Teacher Role
CREATE ROLE teacher WITH LOGIN PASSWORD '123';
๐งโ๐ผ Admin Role
CREATE ROLE admin WITH LOGIN PASSWORD 'admin123';
๐ STEP 4: Grant Database Access
Allow connection to database
GRANT CONNECT ON DATABASE university_db TO student;
GRANT CONNECT ON DATABASE university_db TO teacher;
GRANT CONNECT ON DATABASE university_db TO admin;
๐ STEP 5: GRANT Permissions (Core Security)
๐ 5.1 Student Permissions (Read Only)
GRANT SELECT ON students TO student;
GRANT SELECT ON courses TO student;
GRANT SELECT ON enrollments TO student;
GRANT SELECT ON marks TO student;
๐ Students can ONLY VIEW data
โ Cannot insert/update/delete
๐จโ๐ซ 5.2 Teacher Permissions
GRANT SELECT ON students TO teacher;
GRANT SELECT ON courses TO teacher;
GRANT SELECT ON enrollments TO teacher;
Teachers can manage marks:
GRANT SELECT, INSERT, UPDATE ON marks TO teacher;
๐งโ๐ผ 5.3 Admin Permissions (Full Control)
GRANT ALL PRIVILEGES ON students TO admin;
GRANT ALL PRIVILEGES ON courses TO admin;
GRANT ALL PRIVILEGES ON enrollments TO admin;
GRANT ALL PRIVILEGES ON marks TO admin;
๐งช STEP 6: Insert Sample Data (Admin Role)
INSERT INTO students (name, department, email)
VALUES
('Ali Khan', 'CS', 'ali@uni.edu'),
('Sara Ahmed', 'IT', 'sara@uni.edu');
INSERT INTO courses (course_name, credit_hours)
VALUES
('Database Systems', 3),
('Web Development', 4);
๐จโ๐ STEP 7: Testing Role Access
๐ Login as Student
SELECT * FROM students;
โ Allowed
โ Try Insert (Should FAIL)
INSERT INTO students(name, department, email)
VALUES ('Test Student', 'CS', 'test@uni.edu');
๐ ERROR: permission denied
๐จโ๐ซ Login as Teacher
โ View students
SELECT * FROM students;
โ Insert marks
INSERT INTO marks(student_id, course_id, marks)
VALUES (1, 1, 85);
โ Update marks
UPDATE marks
SET marks = 90
WHERE student_id = 1;
๐งโ๐ผ Login as Admin
Full control:
DELETE FROM students WHERE student_id = 2;
โ Works
๐ง STEP 8: How GRANT Works (Concept)
Think of it like a University Gate System:
| Role | Access Level |
|---|---|
| Student | Read only (library access) |
| Teacher | Edit marks + view data |
| Admin | Full control (system owner) |
๐ STEP 9: Security Logic (Important)
โ GRANT = give permission โ REVOKE = remove permission โ Roles = users or groups
๐ Without GRANT: Users cannot even see tables
๐ FINAL SUMMARY
In this real-world university system:
โ Database created โ Tables designed โ Roles created โ Permissions assigned using GRANT โ Access controlled by role type