GRANT

Grant privileges on database objects to specific roles and grant membership in roles.

You can grant privileges on tables, columns in tables, sequences, stored procedures, schemas, databases, and keys. See also Privileges on Database Objects and Role Membership.

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES  }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
         | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
    [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }
    ON DATABASE database_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { EXECUTE | ALL [ PRIVILEGES ] }
    ON { PROCEDURE procedure_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
         | ALL PROCEDURES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }
    ON SCHEMA schema_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { USAGE | SELECT | UPDATE }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { SEQUENCE sequence_name [, ...]
         | ALL SEQUENCES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { ENCRYPT | DECRYPT | ALL [PRIVILEGES] } 
    ON KEY key_name 
    TO { role_specification } [, ...] [ WITH GRANT OPTION ]

where role_specification can be:

    role_name
  | PUBLIC
  | CURRENT_USER
  | SESSION_USER

GRANT role_name [, ...] TO role_name [, ...] [ WITH ADMIN OPTION ]
ON TABLE
Grant privileges on a table, a view, or specific columns in a table. You can use one statement to grant privileges on several tables or all of the tables in a schema.
ON DATABASE
Grant privileges on a physical database. You can use one statement to grant privileges on several databases.
ON PROCEDURE
Grant privileges on a stored procedure.
Note: A role cannot execute a procedure unless EXECUTE is granted to the role on the procedure and USAGE or ALL PRIVILEGES is granted to the role on the owning schema.
ON SEQUENCE
Grant privileges on specific sequence objects or all of the sequences in a given schema.
ON SCHEMA
Grant privileges on a schema in a database. You can use one statement to grant privileges on several schemas.
ON KEY
Grant privileges on a key in a database created with the CREATE KEY command.
SELECT
Privilege to select from the specified table or view, or specified columns in a table or view. This privilege applies to both temporary tables and persistent tables. This privilege also permits references to existing column values in UPDATE and DELETE statements.
INSERT
Privilege to insert or bulk load rows into the specified table or table column.
UPDATE
Privilege to update the specified table or the specified columns in a table. In most cases, UPDATE commands require SELECT privilege on the same table. UPDATE commands reference columns to determine which rows to update and to compute column values. For example, you would have to give SELECT access on the whole team table to vicky for this UPDATE command to work:
premdb=# grant select(teamid) on team to vicky;
GRANT
premdb=# grant update(teamid) on team to vicky;
GRANT
premdb=# \c premdb vicky
You are now connected to database "premdb" as user "vicky".
premdb=> update team set teamid=0 where teamid=3000;
ERROR:  permission denied for relation team
DELETE
Privilege to delete rows from the specified table or the specified columns in a table. In most cases, DELETE commands require SELECT privilege on the same table. DELETE commands reference columns to determine which rows to update.
TRUNCATE
Privilege to truncate a table.
REFERENCES
Privilege to create a foreign-key constraint (required on both the referencing table and the referenced table).
ALL PRIVILEGES
Grant all of the available privileges on the object.
Note: GRANT ALL does not equate to superuser or table owner privileges.

See also Granting Schema-Level Privileges to Members of a Role.

CREATE
For a database, privilege to create new schemas in that database. For a schema, privilege to create new tables and views in that schema. To rename an object, you must both own the object and have CREATE privilege for the schema that contains the object.
CONNECT
Privilege to connect to the specified database.
TEMPORARY
Privilege to create temporary tables while using the specified database.
ENCRYPT
Privilege to encrypt a key.
DECRYPT
Privilege to decrypt a key.
USAGE
Privilege to access objects in the specified schema (assuming that privileges specific to those objects are met). This privilege allows the role to see objects within the schema, but does not grant SELECT on the tables in the schema. See also Granting Schema-Level Privileges to Members of a Role.
WITH GRANT OPTION
The role can grant the same privilege to other roles. You cannot grant options to PUBLIC.
role_specification
Name of an existing role or one of the following:
WITH ADMIN OPTION
Privilege to grant and revoke membership in the role to others.

Examples

Grant all privileges on the match table to the user bobr:
premdb=# grant all on match to bobr;
GRANT
Grant SELECT privilege on all tables in the sys schema to the user vicky:
premdb=# grant select on all tables in schema sys to vicky;
GRANT

Grant EXECUTE privilege on a stored procedure to the ybd user.
premdb=# grant execute on procedure proc1() to ybd;
GRANT
Grant EXECUTE privilege on all stored procedures in the public schema to the ybd user:
premdb=# grant execute on all procedures in schema public to ybd;
GRANT
Grant privileges on sequences:
premdb=# grant usage on matchid to bobr;
GRANT
premdb=# revoke usage on matchid from bobr;
REVOKE
premdb=# grant select on all sequences in schema public to bobr;
GRANT
Grant ENCRYPT privilege on key yb100key to user yb100:
premdb=# grant encrypt on key yb100key to yb100;
GRANT
Grant both ENCRYPT and DECRYPT privileges on key yb100key to user yb100:
premdb=# grant all privileges on key yb100key to yb100;
GRANT