Skip to main content

Grant and revoke

Qualified users can grant roles various privileges on tables. These privileges are any combination of select, insert, update, references, alter and index. Any privilege can be later revoked, which takes any combination of the previously granted privileges.

grant:
    GRANT privileges TO grantees [ WITH GRANT OPTION ] [ WITH ADMIN grantor ]
  | GRANT authid_list TO grantees [ WITH ADMIN OPTION ] [ WITH ADMIN grantor ]

revoke:
    REVOKE [ GRANT OPTION FOR ] privileges FROM grantees [ FROM grantor ]
  | REVOKE [ ADMIN OPTION FOR ] authid ','... FROM grantees [ FROM grantor ]

grantor: CURRENT_USER | CURRENT_ROLE

privileges: object_privileges ON TABLE [ ident | ident ]

object_privileges: ALL [ PRIVILEGES ] | operation ','...

operation: INSERT | DELETE | [ UPDATE | SELECT | REFERENCES ] opt_column_list
    | EXECUTE grantees: [ PUBLIC | authid ] ','...