We'll learn how to work with the PostgreSQL command line tool, called `psql`.

* Start the PostgreSQL command line tool by typing `psql -U postgres`. By default it will open default database i.e **postgres**. if we want to login in other database we can type `psql -U user -d database`. For example `psql -U asad -d bank_account`
* Exit psql by typing `\q`.


[psql](https://www.postgresql.org/docs/9.4/app-psql.html) is similar to the **sqlite3** command line tool in that it allows us to connect to and manage databases. `psql` connects to a running PostgreSQL server process, that enables us to:

* Run queries.
* Manage users and permissions.
* Manage databases.
* See PostgreSQL system information.

By default, `psql` will connect to a **PostgreSQL server** running on the current computer, using port `5432`. 

If we don't specify a **user** and **database** to connect to, it will use the defaults. By default, the **name of the currently logged in system user** will be used as both the **PostgreSQL user name and database name**.

If we're logged in to a computer as the **system user**, then type`psql`, will connect to the database as a **PostgreSQL user** 

After starting the psql command line tool, we can run SQL queries. Any valid SQL query will be executed. Because the psql shell is about giving instant feedback, transactions don't apply, and each command we type is immediately executed. This allows us to quickly test out queries and get results.

Since creating a database is one SQL query, we can do it via psql. We may recall that the syntax to create a database is like the following:

`CREATE DATABASE dbName;`

Queries in psql must end with a semicolon (`;`), or they won't be performed.

In [None]:
# CREATE DATABASE bank_accounts;

We can run several special commands using psql. These commands start with a backslash (`\`), and can perform a variety of functions, including:

* Listing databases
* Listing tables
* Managing users

We can see a full list of all of the special functions by running **`\?`** after starting psql. We'll need to type **q** to exit the resulting help interface. We can also find the full list [here](https://www.postgresql.org/docs/9.4/app-psql.html).

Three common functions to run are:

* `\l` -- list all available databases.
* `\dt` -- list all tables in the current database.
* `\du` -- list users.

When we're connected to a specific SQL database, we can only create tables within that database, and run queries on tables in that database.

We can connect to a different database using the `-d` option of psql. If we wanted to connect to a database called `bank_accounts`, we could use the following command:

`psql -d bank_accounts` or `\c bank_accounts` here `c` refers `connect`. 

`psql -d bank_accounts CREATE TABLE deposits (
    id integer PRIMARY KEY,
    name text,
    amount float
);`

* Start psql and connect to the `bank_accounts` database.
* Create a table called **deposits** in `bank_accounts` with the following columns:
    * id, integer, primary key
    * name, text
    * amount, float
    
* Use the `\dt` command to list all of the tables in **bank_accounts**.

`psql -d bank_accounts CREATE TABLE deposits (
    id integer PRIMARY KEY,
    name text,
    amount float
);`

In order to manage access to different databases, we can also create users. Users will be able to log into a PostgreSQL database and run queries.

`CREATE ROLE userName;`

By default, the user isn't allowed to login to PostgreSQL and run queries. We can fix this by adding the` WITH` and `LOGIN` statements:

`CREATE ROLE userName WITH LOGIN;`

If we run the pseudo-code above with a real username, we may be unable to login as that user. Depending on the configuration of our PostgreSQL instance, we may either be unable to login entirely, or will only be able to login when our system user name is the same as the PostgreSQL user name we want to login as. We can get around this by creating a password -- We'll then be able to login using the password. 

`CREATE ROLE userName WITH LOGIN PASSWORD `password`;`

If the user needs to be able to create databases, we can add that ability in with the `CREATEDB` statement:

`CREATE ROLE userName WITH CREATEDB LOGIN PASSWORD 'password'`

We can keep modifying how the user is created by adding statements after the `WITH` statement. Some other statements we can add are:

* `CREATEROLE` -- allows the user to create other users.
* `SUPERUSER` -- makes the user a superuser

For a full list of statements that can be added, see [here](https://www.postgresql.org/docs/9.4/sql-createrole.html).

* Create a user called **sec** with the following modifying statements:
    * LOGIN
    * PASSWORD 'test'
    * CREATEDB
* List all the users using `\du`.

`CREATE ROLE sec WITH LOGIN CREATEDB PASSWORD 'test';`

When users are created, they don't have any ability, or permissions, to **access tables** in existing databases. This is done for security reasons, so that all permissions are issued explicitly instead of being unexpected.

We can issue permissions to a user using the [GRANT](https://www.postgresql.org/docs/9.4/sql-grant.html) statement. The `GRANT` statement will issue permissions to access certain tables in a database to a certain user. 

We can allow a user to perform `SELECT` queries on a given table like this:


`GRANT SELECT ON tableName TO userName;`

If we want to grant different types of permissions, we can separate them with commas. The below query will allow a given user to;

* query data from a table, 
* update rows in the table, 
* insert rows into the table, and 
* delete rows from the table:

`GRANT SELECT, INSERT, UPDATE, DELETE ON tableName TO userName;`

A shortcut for this is to use the ALL PRIVILEGES statement:

`GRANT ALL PRIVILEGES ON tableName TO userName;`

We can use the psql `\dp` command to find out what privileges have been granted to users for a specific table:

`\dp tableName`

* Start psql and connect to the **bank_accounts** database.
* Grant all privileges on the table deposits to the user **sec**.
* List all the privileges for deposits using \dp.
* Exit psql.

`psql -d bank_accounts <<EOF
GRANT ALL PRIVILEGES ON deposits TO sec;
EOF`

There are times when we'll want to remove permissions that we granted to a user previously. Permissions can be removed using the [REVOKE](https://www.postgresql.org/docs/9.4/sql-revoke.html) statement. 

The `REVOKE` statement enables us to take back any permissions given via the `GRANT` statement. We can revoke the ability for a user to run queries:

`REVOKE SELECT ON tableName FROM userName;`

If we want to revoke different types of permissions, we can separate them with commas. 

`REVOKE SELECT, INSERT, UPDATE, DELETE ON tableName FROM userName;`

A shortcut for this is to use the ALL PRIVILEGES statement:

`REVOKE ALL PRIVILEGES ON tableName FROM userName;`

* Start psql and connect to the **bank_accounts** database.
* Revoke all privileges on the table **deposits** from the user **sec**.
* List all the privileges for deposits using `\dp`.
* Exit psql.

`psql -d bank_accounts <<EOF
REVOKE ALL PRIVILEGES ON deposits FROM sec;
EOF`

# SUPERUSER

A superuser is a special type of user that overrides all access restrictions. Superusers can perform any function in a database, and a user should only be made a superuser in special cases. 

Adding the `SUPERUSER` statement to a `CREATE ROLE` statement will make a user a superuser:

`CREATE ROLE userName WITH SUPERUSER;`

We can also setup login and a password for the superuser:

`CREATE ROLE userName WITH LOGIN PASSWORD 'password' SUPERUSER;`

In [1]:
# Start psql.
# Create a user called aig with the following modifying statements:
# LOGIN
# PASSWORD 'test'
# SUPERUSER
# List all the users using \du.
# Exit psql.

###### Restoring server postgress on original condition by Dropping database and users

1. Drop Database `bank_accounts`;
2.  Drop role `sec`;
3.  Drop role `aig`;
4. Drop table `deposits`;