Bird
Raised Fist0
PostgreSQLquery~5 mins

GRANT and REVOKE permissions in PostgreSQL

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

GRANT and REVOKE let you control who can do what in your database. They help keep your data safe by giving or taking away permissions.

You want to let a colleague read data but not change it.
You need to allow a user to add new records to a table.
You want to stop someone from deleting data they used to access.
You are setting up a new user and want to give them specific rights.
You want to remove permissions from a user who no longer needs them.
Syntax
PostgreSQL
GRANT privilege_type ON object TO user;
REVOKE privilege_type ON object FROM user;

privilege_type can be SELECT, INSERT, UPDATE, DELETE, etc.

object is usually a table, view, or database.

Examples
This lets user alice read data from the employees table.
PostgreSQL
GRANT SELECT ON employees TO alice;
This stops user bob from adding new rows to the employees table.
PostgreSQL
REVOKE INSERT ON employees FROM bob;
This gives carol all rights on the company_db database.
PostgreSQL
GRANT ALL PRIVILEGES ON DATABASE company_db TO carol;
Sample Program

This creates a products table, gives user john permission to read and add data, then shows what permissions john has on that table.

PostgreSQL
CREATE TABLE products (id SERIAL PRIMARY KEY, name TEXT, price NUMERIC);

GRANT SELECT, INSERT ON products TO john;

-- Check permissions for john
-- (In PostgreSQL, you can query information_schema.role_table_grants)

SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name = 'products' AND grantee = 'john';
OutputSuccess
Important Notes

Only a database superuser or the object owner can grant or revoke permissions.

Be careful granting ALL PRIVILEGES; it gives full control.

Permissions can be given on different levels: tables, schemas, or entire databases.

Summary

GRANT lets you give specific rights to users.

REVOKE takes those rights away.

Use them to keep your data safe and control access.

Practice

(1/5)
1. What does the GRANT command do in PostgreSQL?
easy
A. It gives specific permissions to a user or role.
B. It deletes a user from the database.
C. It creates a new database.
D. It backs up the database.

Solution

  1. Step 1: Understand the purpose of GRANT

    The GRANT command is used to give permissions like SELECT, INSERT, or UPDATE to users or roles.

  2. Step 2: Compare with other options

    Deleting users, creating databases, or backing up are done by other commands, not GRANT.

  3. Final Answer:

    It gives specific permissions to a user or role. -> Option A

  4. Quick Check:

    GRANT = give permissions [OK]
Hint: GRANT means give rights; REVOKE means take away [OK]
Common Mistakes:
  • Confusing GRANT with user creation
  • Thinking GRANT deletes data
  • Mixing GRANT with backup commands
2. Which of the following is the correct syntax to grant SELECT permission on table employees to user john?
easy
A. GRANT ON employees SELECT TO john;
B. GRANT john ON employees SELECT;
C. GRANT SELECT TO john ON employees;
D. GRANT SELECT ON employees TO john;

Solution

  1. Step 1: Recall correct GRANT syntax

    The correct syntax is: GRANT permission ON object TO user;

  2. Step 2: Match syntax with options

    GRANT SELECT ON employees TO john; matches the correct order: GRANT SELECT ON employees TO john;

  3. Final Answer:

    GRANT SELECT ON employees TO john; -> Option D

  4. Quick Check:

    GRANT + permission + ON + object + TO + user [OK]
Hint: GRANT permission ON object TO user; is the pattern [OK]
Common Mistakes:
  • Mixing order of keywords
  • Placing user before permission
  • Omitting ON keyword
3. Given the commands:
GRANT SELECT ON customers TO alice;
REVOKE SELECT ON customers FROM alice;
What permissions does user alice have on table customers after these commands?
medium
A. Alice can SELECT from customers.
B. Alice can INSERT into customers.
C. Alice cannot SELECT from customers.
D. Alice has all permissions on customers.

Solution

  1. Step 1: Analyze the GRANT command

    Alice is given SELECT permission on customers table.

  2. Step 2: Analyze the REVOKE command

    The SELECT permission is then revoked from Alice, removing her ability to SELECT.

  3. Final Answer:

    Alice cannot SELECT from customers. -> Option C

  4. Quick Check:

    REVOKE removes permission given by GRANT [OK]
Hint: REVOKE removes permissions previously granted [OK]
Common Mistakes:
  • Assuming REVOKE adds permissions
  • Confusing SELECT with INSERT
  • Ignoring the order of commands
4. Identify the error in the following command:
REVOKE ALL PRIVILEGES employees FROM bob;
medium
A. The order of keywords is incorrect.
B. The user name should be before the table name.
C. REVOKE cannot be used with ALL PRIVILEGES.
D. The command is correct.

Solution

  1. Step 1: Check correct REVOKE syntax

    The correct syntax is: REVOKE privileges ON object FROM user;

  2. Step 2: Compare with given command

    The command uses: REVOKE ALL PRIVILEGES employees FROM bob; missing ON keyword and wrong order.

  3. Final Answer:

    The order of keywords is incorrect. -> Option A

  4. Quick Check:

    REVOKE + privileges + ON + object + FROM + user [OK]
Hint: REVOKE syntax requires ON before object [OK]
Common Mistakes:
  • Omitting ON keyword
  • Swapping user and object positions
  • Using ALL PRIVILEGES incorrectly
5. You want to allow user carol to insert and update data on table orders, but not delete. Which commands correctly grant these permissions?
hard
A. GRANT DELETE ON orders TO carol;
B. GRANT INSERT, UPDATE ON orders TO carol;
C. GRANT ALL PRIVILEGES ON orders TO carol;
D. GRANT SELECT, DELETE ON orders TO carol;

Solution

  1. Step 1: Identify required permissions

    Carol needs INSERT and UPDATE permissions only, no DELETE.

  2. Step 2: Match commands with required permissions

    GRANT INSERT, UPDATE ON orders TO carol; grants INSERT and UPDATE correctly. Options B and D grant DELETE, which is not wanted. GRANT ALL PRIVILEGES ON orders TO carol; grants all permissions, including DELETE.

  3. Final Answer:

    GRANT INSERT, UPDATE ON orders TO carol; -> Option B

  4. Quick Check:

    Grant only needed permissions, avoid ALL PRIVILEGES if not required [OK]
Hint: Grant only needed permissions, avoid ALL PRIVILEGES if unsure [OK]
Common Mistakes:
  • Granting DELETE when not needed
  • Using ALL PRIVILEGES carelessly
  • Confusing SELECT with UPDATE