**[psql](http://www.postgresql.org/docs/9.4/static/app-psql.html)** is similar to the **sqlite3** command line tool in that it allows you to connect to and manage databases. **psql** connects to a running PostgreSQL server process, then enables you to:
* Run queries.
* Manage users and permissions.
* Manage databases.
* See PostgreSQL system information.

By default, psql will connect to a PostgreSQL server running on the current computer, using port **5432**. If you don't specify a user and database to connect to, it will use the defaults. By default, the name of the currently logged in system user will be used as both the PostgreSQL user name and database name.

After you're finished working with **psql**, you can exit using the **\q** command.

*<font color="#666666">Start the PostgreSQL command line tool by typing psql.</font>*  
$ **psql**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Create a database called bank_accounts.</font>*  
lijia=# **CREATE DATABASE bank_accounts;**  
CREATE DATABASE

*<font color="#666666">Exit psql by typing \q.</font>*  
lijia=# **\q**

We can run several special commands using psql. These commands start with a backslash **(\\)**, and can perform a variety of functions, including:
* Listing databases
* Listing tables
* Managing users

You can see a full list of all of the special functions by running **\?** after starting psql. You'll need to type **q** to exit the resulting help interface. You can also find the full list [here](http://www.postgresql.org/docs/9.4/static/app-psql.html).

Two common functions to run are:
* **\l** -- list all available databases.
* **\dt** -- list all tables in the current database.
* **\du** -- list users.

*<font color="#666666">List all available databases.</font>*  
lijia=# **\l**
    
                                        List of databases
         Name      |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   
    ---------------+----------+----------+-------------+-------------+-----------------------
     bank_accounts | lijia    | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
     lijia         | lijia    | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
     postgres      | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
     template0     | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
                   |          |          |             |             | postgres=CTc/postgres
     template1     | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
                   |          |          |             |             | postgres=CTc/postgres
    (5 rows)

When we're connected to a specific SQL database, we can only create tables within that database, and run queries on tables in that database. 

You can connect to a different database using the **-d** option of psql.

*<font color="#666666">Start psql and connect to the bank_accounts database.</font>*  
$ **psql -d bank_accounts**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Create a table called deposits in bank_accounts.</font>*  
bank_accounts=# **CREATE TABLE deposits(**  
bank_accounts(# **id integer PRIMARY KEY,**  
bank_accounts(# **name text,**  
bank_accounts(# **mount float);**  
CREATE TABLE

*<font color="#666666">Use the \dt command to list all of the tables in bank_accounts.</font>*  
bank_accounts=# **\dt**  
    
             List of relations
     Schema |   Name   | Type  | Owner 
    --------+----------+-------+-------
     public | deposits | table | lijia
    (1 row)

*<font color="#666666">Exit psql.</font>*  
bank_accounts=# **\q**

In order to manage access to different databases, you can also create users. Users will be able to log into a PostgreSQL database and run queries. You can create a user with the **[CREATE ROLE](http://www.postgresql.org/docs/9.4/static/sql-createrole.html)** statement. Here's how the statement looks:  
**CREATE ROLE userName;**

By default, the user isn't allowed to login to PostgreSQL and run queries. You can fix this by adding the **WITH** and **LOGIN** statements:  
**CREATE ROLE userName WITH LOGIN;**

You can create a password using the **WITH PASSWORD** statement like this:  
**CREATE ROLE userName WITH LOGIN PASSWORD 'password';**

If the user needs to be able to create databases, you can add that ability in with the **CREATEDB** statement:  
**CREATE ROLE userName WITH CREATEDB LOGIN PASSWORD 'password';**

As you may be able to tell from above, we can keep modifying how the user is created by adding statements after the WITH statement. Some other statements we can add are:
* **CREATEROLE** -- allows the user to create other users.
* **SUPERUSER** -- makes the user a superuser. We'll cover what a superuser is later on.

For a full list of statements that can be added, see [here](http://www.postgresql.org/docs/9.4/static/sql-createrole.html).

*<font color="#666666">Start psql.</font>*  
$ **psql**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Create a user called sec.</font>*  
lijia=# **CREATE ROLE sec WITH LOGIN PASSWORD 'test' CREATEDB;**  
CREATE ROLE

*<font color="#666666">List all the users using \du.</font>*  
lijia=# **\du**  
    
                                       List of roles
     Role name |                         Attributes                         | Member of 
    -----------+------------------------------------------------------------+-----------
     lijia     | Superuser, Create role, Create DB                          | {}
     postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
     sec       | Create DB                                                  | {}

*<font color="#666666">Exit psql.</font>*  
lijia=# **\q**

When users are created, they don't have any ability, or permissions, to access tables in existing databases. This is done for security reasons, so that all permissions are issued explicitly instead of being unexpected.

You can issue permissions to a user using the **[GRANT](http://www.postgresql.org/docs/9.4/static/sql-grant.html)** statement. The **GRANT** statement will issue permissions to access certain tables in a database to a certain user. You can allow a user to perform **SELECT** queries on a given table like this:  
**GRANT SELECT ON tableName TO userName;**

If you want to grant different types of permissions, you can separate them with commas. The below query will allow a given user to query data from a table, update rows in the table, insert rows into the table, and delete rows from the table:  
**GRANT SELECT, INSERT, UPDATE, DELETE ON tableName TO userName;**

A shortcut for this is to use the **ALL PRIVILEGES** statement:  
**GRANT ALL PRIVILEGES ON tableName TO userName;**

You can use the psql **\dp** command to find out what privileges have been granted to users for a specific table:  
**\dp tableName**

*<font color="#666666">Start psql and connect to the bank_accounts database.</font>*  
$ **psql -d bank_accounts**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Grant all privileges on the table deposits to the user sec.</font>*  
bank_accounts=# **GRANT ALL PRIVILEGES ON deposits TO sec;**  
GRANT

*<font color="#666666">List all the privileges for deposits using \dp.</font>*  
bank_accounts=# **\dp**  
    
                                   Access privileges
     Schema |   Name   | Type  |  Access privileges  | Column privileges | Policies 
    --------+----------+-------+---------------------+-------------------+----------
     public | deposits | table | lijia=arwdDxt/lijia+|                   | 
            |          |       | sec=arwdDxt/lijia   |                   | 
    (1 row)

*<font color="#666666">Exit psql.</font>*  
bank_accounts=# **\q**

There are times when you'll want to remove permissions that you granted to a user previously. Permissions can be removed using the **[REVOKE](http://www.postgresql.org/docs/9.4/static/sql-revoke.html)** statement.

The **REVOKE** statement enables you to take back any permissions given via the **GRANT** statement. You can revoke the ability for a user to run queries:  
**REVOKE SELECT ON tableName FROM userName;**

If you want to revoke different types of permissions, you can separate them with commas. The below query will revoke permissions for a given user to query data from a table, update rows in the table, insert rows into the table, and delete rows from the table:  
**REVOKE SELECT, INSERT, UPDATE, DELETE ON tableName FROM userName;**

A shortcut for this is to use the **ALL PRIVILEGES** statement:  
**REVOKE ALL PRIVILEGES ON tableName FROM userName;**

*<font color="#666666">Start psql and connect to the bank_accounts database.</font>*  
$ **psql -d bank_accounts**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Revoke all privileges on the table deposits from the user sec.</font>*  
bank_accounts=# **REVOKE ALL PRIVILEGES ON deposits FROM sec;**  
REVOKE

*<font color="#666666">List all the privileges for deposits using \dp.</font>*  
bank_accounts=# **\dp**  
    
                                   Access privileges
     Schema |   Name   | Type  |  Access privileges  | Column privileges | Policies 
    --------+----------+-------+---------------------+-------------------+----------
     public | deposits | table | lijia=arwdDxt/lijia |                   | 
    (1 row)

*<font color="#666666">Exit psql.</font>*  
bank_accounts=# **\q**

A superuser is a special type of user that overrides all access restrictions. Superusers can perform any function in a database, and a user should only be made a superuser in special cases. Adding the **SUPERUSER** statement to a **CREATE ROLE** statement will make a user a superuser:  
**CREATE ROLE userName WITH SUPERUSER;**

You can also setup login and a password for the superuser:  
**CREATE ROLE userName WITH LOGIN PASSWORD 'password' SUPERUSER;**

*<font color="#666666">Start psql.</font>*  
$ **psql**  
psql (9.6.5)  
Type "help" for help.

*<font color="#666666">Create a user called aig.</font>*  
lijia=# **CREATE ROLE aig WITH LOGIN PASSWORD 'test' SUPERUSER;**  
CREATE ROLE

*<font color="#666666">List all the users using \du.</font>*  
lijia=# **\du**  
    
                                       List of roles
     Role name |                         Attributes                         | Member of 
    -----------+------------------------------------------------------------+-----------
     aig       | Superuser                                                  | {}
     lijia     | Superuser, Create role, Create DB                          | {}
     postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
     sec       | Create DB                                                  | {}

*<font color="#666666">Exit psql.</font>*  
lijia=# **\q**