PostgreSQL Role & Permissions: Who’s the Boss in Your Database?

PostgreSQL

"A good database is like a healthy relationship: stable, well-structured, and doesn’t crash easily. Start learning PostgreSQL now!"

Because giving everyone admin access is like handing out nuclear launch codes!

Introduction: Why Roles & Permissions Matter?

Imagine a company where:

• The intern can approve million-dollar transactions.
• The janitor can fire the CEO. 
• The marketing guy can delete the entire customer database.

Sounds like a disaster, right? Well, that’s exactly what happens if you don’t manage roles & permissions properly in PostgreSQL!

With PostgreSQL’s Role-Based Access Control (RBAC), you can:
  Assign specific permissions to users (so they don’t destroy everything).
  Use roles to group users (instead of managing each user manually).
  Keep your database secure & well-organized (so you can sleep peacefully at night).

Ready to become the ultimate database gatekeeper? Let’s go!

Understanding Roles in PostgreSQL

In PostgreSQL, roles = users + groups.

• A role can be an individual user (like john_doe). 
• A role can also be a group (like developers). 

By default, roles don’t have any privileges. You have to grant them powers!

Creating Roles & Users

Create a Basic Role (User)

CREATE ROLE newbie WITH LOGIN PASSWORD 'securepassword';

 WITH LOGIN makes it a user account (otherwise, it’s just a group).

Create a Role Without Login (Group Role)

CREATE ROLE developers;

 This is a group role—it can’t log in, but it can be assigned to users.

Give a User a Role (Assign to Group)

GRANT developers TO newbie;

 Now newbie is part of developers and inherits all its privileges. 

Check All Users & Roles 

SELECT rolname, rolsuper, rolcreatedb, rolcanlogin FROM pg_roles;

  rolsuper → Is the role a superuser?
  rolcreatedb → Can they create databases?
  rolcanlogin → Can this role log in?

Permissions & Privileges

Just creating users isn’t enough—they need permissions to do stuff!

Basic Privilege Commands

• GRANT → Give permissions
• REVOKE → Take permissions away

Grant Database Access

GRANT CONNECT ON DATABASE mydatabase TO newbie;

 Now newbie can connect to mydatabase but still can’t modify anything inside.

Grant Schema Access

GRANT USAGE ON SCHEMA public TO newbie;

 Now newbie can see the tables but can’t modify them.

Grant Table Permissions

Give SELECT (Read) Access

GRANT SELECT ON ALL TABLES IN SCHEMA public TO newbie;

 newbie can now read data, but not modify it.

Give INSERT (Add Data) Access

GRANT INSERT ON ALL TABLES IN SCHEMA public TO newbie;

 newbie can now add new records.

Give UPDATE (Modify Data) Access

GRANT UPDATE ON ALL TABLES IN SCHEMA public TO newbie;

 newbie can modify existing records.

Give DELETE (Remove Data) Access

GRANT DELETE ON ALL TABLES IN SCHEMA public TO newbie;

 newbie can now delete records (watch out for mistakes!).

Remove Permissions (If They Misbehave!)

If newbie is causing chaos, remove their privileges:

REVOKE INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public FROM newbie;

 Now, newbie can only read data, nothing else!

Superusers: The All-Powerful Role 

A superuser in PostgreSQL = Database God Mode. 

ALTER ROLE newbie WITH SUPERUSER;

 Warning: Superusers can do anything, including dropping the entire database. Use wisely!

Role Inheritance: Save Time Managing Permissions!

Instead of assigning permissions to each user, just use role inheritance!

Create a Group Role (Team Role)

CREATE ROLE developers;

Grant Privileges to the Group

GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO developers;

 Now, any user in developers will inherit these permissions automatically.

Assign Users to the Group

GRANT developers TO newbie;

 Now newbie inherits all permissions from developers.

 Boom! Managing permissions just became 10x easier!

Changing and Deleting Roles

Change a User’s Password

ALTER ROLE newbie WITH PASSWORD 'newpassword';

Remove a User from a Role

REVOKE developers FROM newbie;

Delete a Role Completely

DROP ROLE newbie;

Warning: If the role owns anything (tables, schemas, etc.), you must first reassign ownership:

REASSIGN OWNED BY newbie TO postgres;
DROP OWNED BY newbie;
DROP ROLE newbie;

Now the role is completely erased from PostgreSQL existence.

Best Practices for Role & Permission Management

  Use roles instead of assigning privileges directly to users.
  Limit SUPERUSER privileges (only trusted users should have them).
  Regularly audit user permissions (remove unused accounts).
  Follow the Principle of Least Privilege (give only necessary permissions).
  Use strong passwords (no password123, please!).

Who Runs the Database? YOU DO!

Now, you know how to:
  Create users & roles
  Grant & revoke permissions
  Use role inheritance to simplify management
  Keep your PostgreSQL database secure & well-organized

Roles & permissions = Your secret weapon for database security! Now go forth and rule your PostgreSQL kingdom wisely!