Skip to main content
Control database access using DCL (Data Control Language) operations.

Grant Permissions

:GRANT permission ON Entity TO user

Read Permission

:GRANT READ ON User TO analyst
DatabaseOutput
PostgreSQLGRANT SELECT ON users TO analyst
MySQLGRANT SELECT ON users.* TO 'analyst'@'localhost'

Write Permission

:GRANT WRITE ON Order TO sales_app
DatabaseOutput
PostgreSQLGRANT INSERT, UPDATE ON orders TO sales_app

Delete Permission

:GRANT DELETE ON Log TO admin

All Permissions

:GRANT ALL ON User TO admin
DatabaseOutput
PostgreSQLGRANT ALL PRIVILEGES ON users TO admin

Multiple Permissions

:GRANT READ, WRITE, DELETE ON Order TO app_service

All Tables

:GRANT READ ON * TO analyst

Revoke Permissions

:REVOKE permission ON Entity FROM user

Single Permission

:REVOKE DELETE ON User FROM intern
DatabaseOutput
PostgreSQLREVOKE DELETE ON users FROM intern

All Permissions

:REVOKE ALL ON User FROM former_employee
DatabaseOutput
PostgreSQLREVOKE ALL PRIVILEGES ON users FROM former_employee

User Management

Create User

:CREATE USER john WITH PASSWORD secret123
DatabaseOutput
PostgreSQLCREATE USER john WITH PASSWORD 'secret123'
MySQLCREATE USER IF NOT EXISTS 'john'@'localhost' IDENTIFIED BY 'secret123'

Alter User Password

:ALTER USER john WITH PASSWORD newsecret456
DatabaseOutput
PostgreSQLALTER USER john WITH PASSWORD 'newsecret456'
MySQLALTER USER 'john'@'localhost' IDENTIFIED BY 'newsecret456'

Drop User

:DROP USER john
DatabaseOutput
PostgreSQLDROP USER IF EXISTS john
MySQLDROP USER IF EXISTS 'john'@'localhost'

Role Management

Create Role

:CREATE ROLE analyst
DatabaseOutput
PostgreSQLCREATE ROLE analyst
MySQLCREATE ROLE IF NOT EXISTS analyst

Assign Role to User

:ASSIGN ROLE analyst TO john
DatabaseOutput
PostgreSQLGRANT analyst TO john
MySQLGRANT 'analyst' TO 'john'@'localhost'

Revoke Role from User

:REVOKE ROLE analyst FROM john
DatabaseOutput
PostgreSQLREVOKE analyst FROM john
MySQLREVOKE 'analyst' FROM 'john'@'localhost'

Drop Role

:DROP ROLE analyst
DatabaseOutput
PostgreSQLDROP ROLE IF EXISTS analyst
MySQLDROP ROLE IF EXISTS analyst

Permission Types

OmniQLPostgreSQLMySQLDescription
READSELECTSELECTRead data
WRITEINSERT, UPDATEINSERT, UPDATECreate and modify
DELETEDELETEDELETERemove records
ALLALL PRIVILEGESALL PRIVILEGESFull access
You can also use native permission names (SELECT, INSERT, UPDATE) directly.

Complete Examples

Read-Only Analyst

:CREATE ROLE analyst
:GRANT READ ON User TO analyst
:GRANT READ ON Order TO analyst
:GRANT READ ON Product TO analyst

:CREATE USER jane WITH PASSWORD analyst123
:ASSIGN ROLE analyst TO jane

Application Service Account

:CREATE ROLE app_service
:GRANT READ, WRITE ON User TO app_service
:GRANT READ, WRITE ON Order TO app_service
:GRANT READ, WRITE ON Product TO app_service

:CREATE USER myapp WITH PASSWORD service456
:ASSIGN ROLE app_service TO myapp

Admin User

:CREATE ROLE admin
:GRANT ALL ON User TO admin
:GRANT ALL ON Order TO admin
:GRANT ALL ON Product TO admin

:CREATE USER bob WITH PASSWORD admin789
:ASSIGN ROLE admin TO bob

Database Support

FeaturePostgreSQLMySQLMongoDB
GRANT/REVOKEYesYesVia commands
CREATE/DROP USERYesYesVia commands
ALTER USERYesYesVia commands
CREATE/DROP ROLEYesYesVia commands
ASSIGN/REVOKE ROLEYesYesVia commands

MongoDB Note

MongoDB uses role-based access control with built-in roles. OmniQL translates to MongoDB admin commands. 
// MongoDB equivalent for CREATE USER
db.createUser({
  user: "analyst",
  pwd: "secret",
  roles: [{ role: "read", db: "myapp" }]
});

Limitations

Not currently supported:
  • Column-level permissions
  • Schema/database-level permissions
  • Sequence permissions
  • Role options (SUPERUSER, LOGIN, etc.)
  • Multiple tables in single GRANT

Next Steps

Transactions

Group operations safely

PostgreSQL

PostgreSQL specifics