PostgreSQL maintains a tightly controlled set of access control lists or
ACL
s.
This information describes which users are allowed to select from, update, and otherwise modify objects within a database. A
set of access privileges and restrictions exist for each applicable database object in PostgreSQL (e.g., tables, views, and
sequences). Superusers and owners of database objects maintain these ACLs through a pair of SQL commands:
GRANT and REVOKE.
As stated in Chapter 9, when a user first creates a database, they are implicitly the owner
of that database. Similarly, whenever someone creates that database object, it is owned by that individual who issued the related
CREATE SQL command.
Aside from PostgreSQL superusers (who may manipulate any database object in any way), only the owners of database
objects are allowed to grant and revoke privileges on the objects which they own. Though any user may connect to a database, if
they wish access to objects within that database they must have those privileges explicitly granted to them.
