When a database object is created, it is assigned an owner. The owner is the user that executed the creation statement. There is currenty no polished interface for changing the owner of a database object. By default, only an owner (or a superuser) can do anything with the object. In order to allow other users to use it, privileges must be granted.
Currently, there are four different privileges: select (read), insert (append), and update/delete (write), as well as RULE, the permission to create a rewrite rule on a table. The right to modify or destroy an object is always the privilege of the owner only. To assign privileges, the GRANT command is used. So, if joe is an existing user, and accounts is an existing table, write access can be granted with
GRANT UPDATE ON accounts TO joe;The user executing this command must be the owner of the table. To grant a privilege to a group, use
GRANT SELECT ON accounts TO GROUP staff;The special "user" name PUBLIC can be used to grant a privilege to every user on the system. Using ALL in place of a privilege specifies that all privileges will be granted.
To revoke a privilege, use the fittingly named REVOKE command:
REVOKE ALL ON accounts FROM PUBLIC;The set of privileges held by the table owner is always implicit and is never revokable.