PostgreSQL Authorization: Security Best Practices

Once a user has been authenticated, you must grant that user permissions to view data and perform work in the database. Always apply the principle of least privilege: grant only the permissions a specific user needs to do their job. In PostgreSQL, users and groups are managed through role assignments; a role may represent an individual user or a group of users. Roles are created at the cluster (database server) level, so a role is available to every database defined in that cluster. Limiting role privileges appropriately is therefore very important. Permissions can be applied to database objects, to rows inside tables, and through data redaction policies (data redaction policies are available in EDB Postgres Advanced Server only). Permissions are defined in terms of read access, write access, or the right to create or delete objects in the database.
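The following SQL is an added example, not code from the article, showing the least-privilege pattern described above in community PostgreSQL: cluster-wide group roles that hold privileges, login roles that only inherit them, object-level grants limited to read or write, and a row-level security policy that restricts which rows a role can see. All role, table and column names (app_readonly, app_writer, alice, bob, orders) and the placeholder passwords are constructed for illustration. Data redaction policies are not shown because they exist only in EDB Postgres Advanced Server.

```sql
-- Added example (not from the article): least-privilege role setup in PostgreSQL.
-- Role and table names below are constructed for illustration.

-- 1. Group roles carry the privileges. NOLOGIN means nobody can connect as them directly.
CREATE ROLE app_readonly NOLOGIN;
CREATE ROLE app_writer   NOLOGIN;

-- 2. Login roles for individual people hold no privileges of their own;
--    they receive them only through group membership.
CREATE ROLE alice LOGIN PASSWORD 'replace-me';   -- placeholder password
CREATE ROLE bob   LOGIN PASSWORD 'replace-me';   -- placeholder password
GRANT app_readonly TO alice;
GRANT app_writer   TO bob;

-- 3. Roles are cluster-wide, but object privileges are granted per database.
--    Remove the default right of every role (PUBLIC) to create objects in "public";
--    this is already the default from PostgreSQL 15 onward, and harmless to repeat.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Constructed sample table.
CREATE TABLE orders (
    id      serial  PRIMARY KEY,
    owner   text    NOT NULL,
    amount  numeric NOT NULL
);

-- 4. Object-level privileges: readers get SELECT only, writers get read and write,
--    and nobody gets the right to create or drop objects.
GRANT USAGE ON SCHEMA public TO app_readonly, app_writer;
GRANT SELECT ON orders TO app_readonly;
GRANT SELECT, INSERT, UPDATE ON orders TO app_writer;
GRANT USAGE, SELECT ON SEQUENCE orders_id_seq TO app_writer;  -- required for INSERT into a serial column

-- 5. Row-level privileges: each role may only read or change rows it owns.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY orders_own_rows ON orders
    USING (owner = current_user)          -- rows visible to SELECT/UPDATE/DELETE
    WITH CHECK (owner = current_user);    -- rows accepted by INSERT/UPDATE

-- 6. Review what was actually granted before handing out the accounts.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name = 'orders'
ORDER BY grantee, privilege_type;
```

Two caveats worth checking in your own cluster: the table owner and superusers bypass row-level security unless the owner runs `ALTER TABLE ... FORCE ROW LEVEL SECURITY`, so application access should go through a non-owner role like the ones above; and because roles are cluster-wide, a group role granted privileges in one database can be granted different privileges in another, so the `information_schema` query (or `\dp` in psql) should be run per database when auditing.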