Bird
Raised Fist0
PostgreSQLquery~3 mins

Why GRANT and REVOKE permissions in PostgreSQL? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

What if you could control who touches your data with just a few simple commands?

The Scenario

Imagine you run a small library and keep all book records in a big notebook. You want to let some friends add new books or read the list, but not everyone should see or change everything.

Without a clear way to control who can do what, you might have to watch over everyone all the time or write down complicated rules on paper.

The Problem

Manually tracking who can access or change data is slow and confusing. You might forget who has permission, accidentally let someone change important info, or waste time fixing mistakes.

This makes your library records unsafe and your work stressful.

The Solution

GRANT and REVOKE commands let you easily give or take away specific rights to users in your database. You can say exactly who can read, add, or change data without watching over them constantly.

This keeps your data safe and your work simple.

Before vs After
Before
Keep a notebook list of who can do what and check it every time someone wants access.
After
GRANT SELECT ON books TO alice;
REVOKE INSERT ON books FROM bob;
What It Enables

You can safely share your data with the right people, knowing exactly what each person can do.

Real Life Example

A company database lets the sales team view customer info but only the managers can update it, all controlled easily with GRANT and REVOKE.

Key Takeaways

Manually managing permissions is confusing and risky.

GRANT and REVOKE give clear, simple control over who can do what.

This keeps data safe and sharing easy.

Practice

(1/5)
1. What does the GRANT command do in PostgreSQL?
easy
A. It gives specific permissions to a user or role.
B. It deletes a user from the database.
C. It creates a new database.
D. It backs up the database.

Solution

  1. Step 1: Understand the purpose of GRANT

    The GRANT command is used to give permissions like SELECT, INSERT, or UPDATE to users or roles.

  2. Step 2: Compare with other options

    Deleting users, creating databases, or backing up are done by other commands, not GRANT.

  3. Final Answer:

    It gives specific permissions to a user or role. -> Option A

  4. Quick Check:

    GRANT = give permissions [OK]
Hint: GRANT means give rights; REVOKE means take away [OK]
Common Mistakes:
  • Confusing GRANT with user creation
  • Thinking GRANT deletes data
  • Mixing GRANT with backup commands
2. Which of the following is the correct syntax to grant SELECT permission on table employees to user john?
easy
A. GRANT ON employees SELECT TO john;
B. GRANT john ON employees SELECT;
C. GRANT SELECT TO john ON employees;
D. GRANT SELECT ON employees TO john;

Solution

  1. Step 1: Recall correct GRANT syntax

    The correct syntax is: GRANT permission ON object TO user;

  2. Step 2: Match syntax with options

    GRANT SELECT ON employees TO john; matches the correct order: GRANT SELECT ON employees TO john;

  3. Final Answer:

    GRANT SELECT ON employees TO john; -> Option D

  4. Quick Check:

    GRANT + permission + ON + object + TO + user [OK]
Hint: GRANT permission ON object TO user; is the pattern [OK]
Common Mistakes:
  • Mixing order of keywords
  • Placing user before permission
  • Omitting ON keyword
3. Given the commands:
GRANT SELECT ON customers TO alice;
REVOKE SELECT ON customers FROM alice;
What permissions does user alice have on table customers after these commands?
medium
A. Alice can SELECT from customers.
B. Alice can INSERT into customers.
C. Alice cannot SELECT from customers.
D. Alice has all permissions on customers.

Solution

  1. Step 1: Analyze the GRANT command

    Alice is given SELECT permission on customers table.

  2. Step 2: Analyze the REVOKE command

    The SELECT permission is then revoked from Alice, removing her ability to SELECT.

  3. Final Answer:

    Alice cannot SELECT from customers. -> Option C

  4. Quick Check:

    REVOKE removes permission given by GRANT [OK]
Hint: REVOKE removes permissions previously granted [OK]
Common Mistakes:
  • Assuming REVOKE adds permissions
  • Confusing SELECT with INSERT
  • Ignoring the order of commands
4. Identify the error in the following command:
REVOKE ALL PRIVILEGES employees FROM bob;
medium
A. The order of keywords is incorrect.
B. The user name should be before the table name.
C. REVOKE cannot be used with ALL PRIVILEGES.
D. The command is correct.

Solution

  1. Step 1: Check correct REVOKE syntax

    The correct syntax is: REVOKE privileges ON object FROM user;

  2. Step 2: Compare with given command

    The command uses: REVOKE ALL PRIVILEGES employees FROM bob; missing ON keyword and wrong order.

  3. Final Answer:

    The order of keywords is incorrect. -> Option A

  4. Quick Check:

    REVOKE + privileges + ON + object + FROM + user [OK]
Hint: REVOKE syntax requires ON before object [OK]
Common Mistakes:
  • Omitting ON keyword
  • Swapping user and object positions
  • Using ALL PRIVILEGES incorrectly
5. You want to allow user carol to insert and update data on table orders, but not delete. Which commands correctly grant these permissions?
hard
A. GRANT DELETE ON orders TO carol;
B. GRANT INSERT, UPDATE ON orders TO carol;
C. GRANT ALL PRIVILEGES ON orders TO carol;
D. GRANT SELECT, DELETE ON orders TO carol;

Solution

  1. Step 1: Identify required permissions

    Carol needs INSERT and UPDATE permissions only, no DELETE.

  2. Step 2: Match commands with required permissions

    GRANT INSERT, UPDATE ON orders TO carol; grants INSERT and UPDATE correctly. Options B and D grant DELETE, which is not wanted. GRANT ALL PRIVILEGES ON orders TO carol; grants all permissions, including DELETE.

  3. Final Answer:

    GRANT INSERT, UPDATE ON orders TO carol; -> Option B

  4. Quick Check:

    Grant only needed permissions, avoid ALL PRIVILEGES if not required [OK]
Hint: Grant only needed permissions, avoid ALL PRIVILEGES if unsure [OK]
Common Mistakes:
  • Granting DELETE when not needed
  • Using ALL PRIVILEGES carelessly
  • Confusing SELECT with UPDATE