Scribd
Upload
32 views

PG Users&privil

PostgreSQL uses roles to manage user authentication and privileges. Roles can be login or group roles. Privileges like SELECT, INSERT, UPDATE are granted on database objects and can be managed using GRANT and REVOKE statements. Group roles allow assigning privileges to multiple users.

Uploaded by

venkatasuneelmande
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
32 views

PG Users&privil

PostgreSQL uses roles to manage user authentication and privileges. Roles can be login or group roles. Privileges like SELECT, INSERT, UPDATE are granted on database objects and can be managed using GRANT and REVOKE statements. Group roles allow assigning privileges to multiple users.

Uploaded by

venkatasuneelmande
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as RTF, PDF, TXT or read online on Scribd
You are on page 1/ 7

#######################################--

POSTGRESQL USERS PRIVILEGES--#################################

Roles: PostgreSQL uses roles to manage user authentication and authorization. Roles can be thought
of as users or groups of users. There are two types of roles: login roles and group roles.

Login Roles: These are roles that can be used to log in to the database. They have the ability to
connect to a database, but they may not necessarily have any privileges within that database.

Group Roles: These roles are used to group other roles together. Group roles can inherit
permissions from other roles, making it easier to manage permissions for multiple users.

Privileges: Privileges in PostgreSQL are granted on database objects such as tables, schemas,
sequences, functions, etc. The commonly used privileges are:

SELECT: Allows the user to read data from a table.

INSERT: Allows the user to insert rows into a table.

UPDATE: Allows the user to modify existing rows in a table.

DELETE: Allows the user to remove rows from a table.

CREATE: Allows the user to create new objects (e.g., tables, indexes, etc.).

ALTER: Allows the user to alter the structure of existing objects.

DROP: Allows the user to delete objects.

GRANT: Allows the user to grant privileges to other users.

REVOKE: Allows the user to revoke previously granted privileges.

USAGE: Allows the user to use a schema.

Access Control Lists (ACLs): PostgreSQL allows fine-grained control over permissions through ACLs.
ACLs define who has access to which objects and what type of access they have.
GRANT and REVOKE Statements: These SQL commands are used to grant or revoke privileges on
database objects to/from users and roles.

-- Grant SELECT privilege on a table

GRANT SELECT ON table_name TO user_or_role;

-- Grant multiple privileges at once

GRANT SELECT, INSERT, UPDATE ON table_name TO user_or_role;

-- Revoke privilege

REVOKE SELECT ON table_name FROM user_or_role;

CREATE USER:

CREATE ROLE username WITH LOGIN PASSWORD 'password';

Creating Login Roles:

A login role is a user account that can connect to the database. This type of role has login privileges.

Example:

CREATE ROLE username LOGIN PASSWORD 'password';

This creates a login role with the specified username and assigns it a password.

Creating Group Roles:

A group role is a role that can contain other roles. It simplifies the management of permissions by
allowing you to grant permissions to a group rather than individual users.

Example:

CREATE ROLE groupname;

This creates a group role with the specified groupname.

Creating Roles with Specific Privileges:

You can create roles with specific privileges at the time of creation.

Example:

CREATE ROLE rolename WITH LOGIN PASSWORD 'password' CREATEDB CREATEROLE;

This creates a role with login privileges, password, and the ability to create databases and roles.
Creating Roles Without Login Privileges:

Sometimes, you may need to create roles that cannot log in but can be assigned certain privileges to
perform administrative tasks or to own objects.

Example:

CREATE ROLE rolename NOLOGIN;

This creates a role without login privileges.

Creating Roles with Specific Attributes:

You can create roles with specific attributes, such as setting a role as a superuser, setting connection
limits, setting password expiration, etc.

Example:

CREATE ROLE rolename SUPERUSER CONNECTION LIMIT 10 VALID UNTIL '2024-12-31';

This creates a superuser role with a connection limit of 10 and an expiration date.

Creating Roles by Cloning Existing Roles:

You can create roles by cloning existing roles, which copies the settings and privileges of the existing
role.

Example:

CREATE ROLE new_role_name WITH LOGIN PASSWORD 'password' IN ROLE existing_role_name;

This creates a new role with the specified name, password, and inherits privileges from an existing
role.

Granting Superuser Privileges at Role Creation:

CREATE ROLE username SUPERUSER LOGIN PASSWORD 'password';

This statement creates a new role with superuser privileges. Replace 'username' with the desired
username and 'password' with the desired password.

Granting Superuser Privileges to an Existing Role:

ALTER ROLE existing_username SUPERUSER;

This statement grants superuser privileges to an existing role named existing_username. Replace
existing_username with the name of the role you want to grant superuser privileges to.
To revoke superuser privileges from a role in PostgreSQL, you can use the NOSUPERUSER attribute
when altering the role. Here's how you can do it:

ALTER ROLE username NOSUPERUSER;

This statement revokes superuser privileges from the role named username. Replace username with
the name of the role from which you want to revoke superuser privileges.

Please note that simply revoking the superuser privilege doesn't fully revoke all superuser abilities. A
user with superuser privileges can still potentially regain access via other means, such as modifying
configuration files or restarting the PostgreSQL server with certain options.

If you want to ensure that a user no longer has any superuser abilities, you may need to review other
aspects such as operating system permissions, PostgreSQL configuration settings, and so on, to ensure
that the user is appropriately restricted.

To delete a user (role) in PostgreSQL, you can use the DROP ROLE statement. Here's how you can do it:

DROP ROLE username;

This statement will delete the user (role) with the specified username. Replace username with the
name of the user you want to delete.

It's important to note that when you delete a user, PostgreSQL will also remove any associated
privileges and objects owned by that user. So, exercise caution when deleting users, especially if they
own important database objects.

To create a group role in PostgreSQL and add users to the group, you'll need to follow these steps:

Create the Group Role:

You create a group role similarly to creating a regular role, but you don't need to specify the LOGIN
attribute because group roles are not intended for direct login.

CREATE ROLE groupname;

Replace groupname with the desired name for your group role.

Add Users to the Group:

After creating the group role, you can add individual users to it using the ALTER ROLE statement.

ALTER ROLE username IN GROUP groupname;

Replace username with the name of the user you want to add to the group and groupname with the
name of the group role you created earlier.

Here's a concrete example:


-- Create the group role

CREATE ROLE my_group;

-- Add users to the group

ALTER ROLE user1 IN GROUP my_group;

ALTER ROLE user2 IN GROUP my_group;

In this example, user1 and user2 are added to the group role named my_group.

Once users are added to the group, they inherit the privileges granted to the group. You can grant
permissions to the group role, and all members of the group will inherit those permissions. This
simplifies permission management, especially when multiple users need similar access levels.

For example, to grant SELECT permission on a table named my_table to the group role my_group, you
would use:

GRANT SELECT ON my_table TO my_group;

If you want to grant multiple permissions at once, you can specify them separated by commas:

GRANT SELECT, INSERT, UPDATE ON my_table TO my_group;

This grants SELECT, INSERT, and UPDATE permissions on my_table to my_group.

You can also grant permissions on schemas, sequences, functions, and other database objects using
similar GRANT statements.

To remove a user from a group role in PostgreSQL, you use the ALTER ROLE statement with the DROP
option. Here's how you can remove a user from a group:

ALTER ROLE username DROP GROUP groupname;

Using pg_roles:

The pg_roles system catalog contains information about database roles. You can query this catalog to
see the privileges granted to specific users.

SELECT rolname, rolsuper, rolcreaterole, rolcreatedb FROM pg_roles WHERE rolname = 'username';

Replace 'username' with the name of the user whose privileges you want to see. This query will return
information about the specified user's privileges, such as whether they are a superuser (rolsuper),
whether they can create roles (rolcreaterole), and whether they can create databases (rolcreatedb).

Using information_schema.role_table_grants:
The information_schema.role_table_grants view provides information about privileges granted to roles
on tables.

SELECT grantee, table_name, privilege_type

FROM information_schema.role_table_grants

WHERE grantee = 'username';

Replace 'username' with the name of the user whose privileges you want to see. This query will return
a list of tables and the privileges granted to the specified user on those tables.

To grant privileges on a schema to a user in PostgreSQL, you can use the GRANT statement. Here's how
you can do it:

GRANT privilege_type ON SCHEMA schema_name TO username;

Replace privilege_type with the type of privilege you want to grant (e.g., SELECT, INSERT, UPDATE,
DELETE, USAGE, etc.), schema_name with the name of the schema to which you're granting privileges,
and username with the name of the user to whom you're granting privileges.

For example, to grant SELECT and INSERT privileges on a schema named my_schema to a user named
my_user, you would use:

GRANT SELECT, INSERT ON SCHEMA my_schema TO my_user;

If you want to grant all privileges on the schema, you can use the ALL PRIVILEGES shortcut:

GRANT ALL PRIVILEGES ON SCHEMA my_schema TO my_user;

This grants all available privileges on the specified schema to the user.

Using SQL Queries:

You can query the information_schema.schemata view to retrieve information about schemas in the
current database:

SELECT schema_name FROM information_schema.schemata;

This query will return the names of all schemas in the current database.

Using PostgreSQL's Meta-Commands:

If you're using the PostgreSQL command-line interface psql, you can use the \dn meta-command to list
all schemas:

\dn

This command will display a list of all schemas in the current database.
Using SQL Shell (psql) Queries:

You can also use SQL queries directly within the PostgreSQL shell to list schemas:

SELECT nspname FROM pg_catalog.pg_namespace;

This query retrieves the names of all schemas in the current database from the pg_namespace system
catalog table.

You might also like