GRANT(l)                                                 GRANT(l)

NAME
       GRANT  - Grants access privilege to a user, a group or all
       users

SYNOPSIS
       GRANT privilege [, ...] ON object [, ...]
           TO { PUBLIC | GROUP group | username }

   INPUTS
       privilege
              The possible privileges are:

              SELECT Access all of  the  columns  of  a  specific
                     table/view.

              INSERT Insert  data  into all columns of a specific
                     table.

              UPDATE Update all columns of a specific table.

              DELETE Delete rows from a specific table.

              RULE   Define rules on the table/view  (See  CREATE
                     RULE statement).

              ALL    Grant all privileges.

       object The  name  of  an  object to which to grant access.
              The possible objects are:

              o table

              o view

              o sequence

              o index

       PUBLIC A short form representing all users.

       GROUP group
              A group to whom to grant privileges.  In  the  cur-
              rent  release, the group must be created explicitly
              as described below.

       username
              The name of a user to whom grant privileges. PUBLIC
              is a short form representing all users.

   OUTPUTS
       CHANGE Message returned if successful.

       ERROR: ChangeAcl: class "object" not found
              Message  returned  if  the  specified object is not
              available or if it is impossible to give privileges
              to the specified group or users.

DESCRIPTION
       GRANT  allows  the  creator  of an object to give specific
       permissions to all users (PUBLIC) or to a certain user  or
       group.  Users other than the creator don't have any access
       permission unless the creator  GRANTs  permissions,  after
       the object is created.

       Once a user has a privilege on an object, he is enabled to
       exercise that privilege.  There is no need to GRANT privi-
       leges  to  the creator of an object, the creator automati-
       cally holds ALL privileges, and can also drop the  object.

   NOTES
       Currently,  to  grant  privileges  in Postgres to only few
       columns, you must create a view having desired columns and
       then grant privileges to that view.

       Use  psql  \z for further information about permissions on
       existing objects:

              Database    = lusitania
          +------------------+---------------------------------------------+
          |  Relation        |        Grant/Revoke Permissions             |
          +------------------+---------------------------------------------+
          | mytable          | {"=rw","miriam=arwR","group todos=rw"}      |
          +------------------+---------------------------------------------+
          Legend:
                uname=arwR -- privileges granted to a user
          group gname=arwR -- privileges granted to a GROUP
                     =arwR -- privileges granted to PUBLIC

                         r -- SELECT
                         w -- UPDATE/DELETE
                         a -- INSERT
                         R -- RULE
                      arwR -- ALL

              Tip: Currently, to  create  a  GROUP  you  have  to
              insert data manually into table pg_group as:

              INSERT INTO pg_group VALUES ('todos');
              CREATE USER miriam IN GROUP todos;

       Refer to REVOKE statements to revoke access privileges.

USAGE
       Grant insert privilege to all users on table films:

       GRANT INSERT ON films TO PUBLIC;

       Grant all privileges to user manuel on view kinds:

       GRANT ALL ON kinds TO manuel;

COMPATIBILITY
   SQL92
       The  SQL92  syntax for GRANT allows setting privileges for
       individual columns within a table, and  allows  setting  a
       privilege to grant the same privileges to others:

       GRANT privilege [, ...]
           ON object [ ( column [, ...] ) ] [, ...]
           TO { PUBLIC | username [, ...] } [ WITH GRANT OPTION ]

       Fields  are  compatible  with  the  those  in the Postgres
       implementation, with the following additions:

       privilege
              SQL92 permits additional privileges  to  be  speci-
              fied:

              SELECT

              REFERENCES
                     Allowed  to  reference  some  or  all of the
                     columns  of   a   specific   table/view   in
                     integrity constraints.

              USAGE  Allowed to use a domain, character set, col-
                     lation or translation.  If an object  speci-
                     fies anything other than a table/view, priv-
                     ilege must specify only USAGE.

       object

              [ TABLE ] table
                     SQL92 allows the  additional  non-functional
                     keyword TABLE.

              CHARACTER SET
                     Allowed  to use the specified character set.

              COLLATION
                     Allowed  to  use  the  specified   collation
                     sequence.

              TRANSLATION
                     Allowed  to  use the specified character set
                     translation.

              DOMAIN Allowed to use the specified domain.

              WITH GRANT OPTION
                     Allowed to grant the same privilege to  oth-
                     ers.

SQL - Language Statements 15 August 1999                        1