# Command line PostgreSQL

### The psql tool

In the last mission, we worked with PostgreSQL, or Postgres, databases and tables. In this mission, we'll learn how to work with the PostgreSQL command line tool, called [psql](http://www.postgresql.org/docs/9.4/static/app-psql.html). <br>

[psql]((http://www.postgresql.org/docs/9.4/static/app-psql.html)) is similar to the [sqlite3](https://www.sqlite.org/cli.html) command line tool in that it allows you to connect to and manage databases. psql connects to a running PostgreSQL server process, then enables you to:

* Run queries.
* Manage users and permissions.
* Manage databases.
* See PostgreSQL system information.

By default, psql will connect to a PostgreSQL server running on the current computer, using port `5432`. 
* If you don't specify a user and database to connect to, it will use the defaults. 
* By default, the name of the currently logged in system user will be used as both the PostgreSQL user name and database name.

If you're logged in to a computer as the system user `dq`, then type `psql`, you will connect to the `dq` database as a PostgreSQL user called dq. We'll learn later on how to connect to different databases using different PostgreSQL users. <br>

After you're finished working with [psql](http://www.postgresql.org/docs/9.4/static/app-psql.html), you can exit using the `\q` command.

### Running SQL queries

```bash
psql

psql (9.4.15)
Type "help" for help.

create database bank_accounts;
CREATE DATABASE

\q
```

### Special PostgreSQL commands

We can run several special commands using psql. These commands start with a backslash (`\`), and can perform a variety of functions, including:

* Listing databases
* Listing tables
* Managing users

You can see a full list of all of the special functions by running `\?` after starting psql. You'll need to type `q` to exit the resulting help interface. You can also find the full list [here](http://www.postgresql.org/docs/9.4/static/app-psql.html).

Two common functions to run are:

* `\l` -- list all available databases.
* `\dt` -- list all tables in the current database.
* `\du` -- list users.


### Switching databases

When we're connected to a **specific SQL database, we can only create tables within that database**, and run queries on tables in that database. In the past few screens, we've been connected to the `dq` database. This prevents us from manipulating tables in the `bank_accounts` database. <br>

You can **connect to a different database using the `-d` option** of psql. If you wanted to connect to a database called `dataquest`, you could use the following command:

```psql -d dataquest```

```sql

psql
create table deposits(id integer primary key, name text, amount float);
\dt
\q

```

### Creating users

In order to manage access to different databases, you can also create users. Users will be able to log into a PostgreSQL database and run queries. You can create a user with the [CREATE ROLE](http://www.postgresql.org/docs/9.4/static/sql-createrole.html) statement. Here's how the statement looks:

`CREATE ROLE userName;`

By default, the user isn't allowed to login to PostgreSQL and run queries. You can fix this by adding the `WITH` and `LOGIN` statements:

`CREATE ROLE userName with LOGIN;`

If you run the pseudo-code above with a real username, you may be unable to login as that user. Depending on the configuration of your PostgreSQL instance, you may either be unable to login entirely, or will only be able to login when your system user name is the same as the PostgreSQL user name you want to login as. You can get around this by creating a password -- you'll then be able to login using the password. We'll cover PostgreSQL authentication and login methods in more depth in a later mission. <br>

You can create a password using the `WITH PASSWORD` statement like this:

`CREATE ROLE userName WITH LOGIN PASSWORD 'password';`

If the user needs to be able to create databases, you can add that ability in with the `CREATEDB` statement:

`CREATE ROLE userName WITH CREATEDB LOGIN PASSWORD 'password';`

As you may be able to tell from above, we can keep modifying how the user is created by adding statements after the WITH statement. Some other statements we can add are:

* `CREATEROLE` -- allows the user to create other users.
* `SUPERUSER` -- makes the user a superuser. We'll cover what a superuser is later on.

For a full list of statements that can be added, see [here](http://www.postgresql.org/docs/9.4/static/sql-createrole.html).



* Practice

```
psql

create role sec with createdb login password 'test';

\du
\q

```

### Adding permissions

When users are created, they don't have any ability, or permissions, to access tables in existing databases. This is done for security reasons, so that all permissions are issued explicitly instead of being unexpected. You can issue permissions to a user using the GRANT statement. The [GRANT](http://www.postgresql.org/docs/9.4/static/sql-grant.html) statement will issue permissions to access certain tables in a database to a certain user. You can allow a user to perform `SELECT` queries on a given table like this:

`GRANT SELECT ON tableName TO userName;`

If you want to grant different types of permissions, you can separate them with commas. The below query will allow a given user to query data from a table, update rows in the table, insert rows into the table, and delete rows from the table:

`GRANT SELECT, INSERT, UPDATE, DELETE ON tableName TO userName;`

A shortcut for this is to use the ALL PRIVILEGES statement:

`GRANT ALL PRIVILEGES ON tableName TO userName;`

You can use the psql `\dp` command to find out what privileges have been granted to users for a specific table:

`\dp tableName`

* **Practice**

```bash
psql -d bank_accounts

> grant all privileges on deposits to sec;
GRANT
> \dp
> \q


```

### Removing permissions

There are times when you'll want to remove permissions that you granted to a user previously. 
### Permissions can be removed using the [`REVOKE`](http://www.postgresql.org/docs/9.4/static/sql-revoke.html) statement. 
The REVOKE statement enables you to take back any permissions given via the GRANT statement. You can revoke the ability for a user to run queries:

`REVOKE SELECT ON tableName FROM userName;`

If you want to revoke different types of permissions, you can separate them with commas. The below query will revoke permissions for a given user to query data from a table, update rows in the table, insert rows into the table, and delete rows from the table:

`REVOKE SELECT, INSERT, UPDATE, DELETE ON tableName FROM userName;`

A shortcut for this is to use the ALL PRIVILEGES statement:

`REVOKE ALL PRIVILEGES ON tableName FROM userName;`

The above syntax likely looks very similar to the GRANT syntax from the last screen. This is by design, and both are as similar as possible to make adding and removing permissions straightforward.

```bash
psql -d bank_accounts

> revoke all privileges on deposits from sec;
REVOKE
> \dp
> \q
```


### Superusers

A superuser is a special type of user that overrides all access restrictions. Superusers can perform any function in a database, and a user should only be made a superuser in special cases. Adding the SUPERUSER statement to a CREATE ROLE statement will make a user a superuser:

`CREATE ROLE userName WITH SUPERUSER;`

You can also setup login and a password for the superuser:

`CREATE ROLE userName WITH LOGIN PASSWORD 'password' SUPERUSER;`

```bash

psql

> create role aig with login password 'test' superuser;
CREATE ROLE
> \du
> \q

```