SQL PUBLIC

What does the SQL PUBLIC role do?

PUBLIC is a predefined role that implicitly includes every database user and can be referenced in GRANT or REVOKE statements to affect all accounts at once.

Welcome to the Galaxy, Guardian!
You'll be receiving a confirmation email

Follow us on twitter :)

Oops! Something went wrong while submitting the form.

Compatible dialects for SQL PUBLIC: PostgreSQL, Oracle, SQL Server, IBM Db2, Snowflake. Not supported in MySQL or SQLite.

SQL PUBLIC Full Explanation

PUBLIC is a reserved keyword that represents a built-in, always-present role containing every current and future login on the database cluster or instance. Because every user automatically belongs to PUBLIC, privileges granted to PUBLIC are inherited by all users without the need to enumerate them individually. PUBLIC can appear anywhere a role name is accepted in privilege statements, synonyms, or object ownership (depending on the dialect). Revoking from PUBLIC removes the privilege from everyone unless it is re-granted directly or via another role. The keyword does not create a real role object you can drop or rename; it exists implicitly and permanently. Careless grants to PUBLIC can unintentionally expose data or functionality to all users, so least-privilege practices recommend minimal PUBLIC rights beyond CONNECT or USAGE where required.

SQL PUBLIC Syntax

GRANT privilege_list
ON object_name
TO PUBLIC;

REVOKE privilege_list
ON object_name
FROM PUBLIC;

SQL PUBLIC Parameters

Example Queries Using SQL PUBLIC

-- Allow every user to read from the customers table
GRANT SELECT ON customers TO PUBLIC;

-- Remove execute rights on a function from everyone
REVOKE EXECUTE ON FUNCTION calc_commission(integer) FROM PUBLIC;

-- PostgreSQL: give USAGE on a schema to all users
GRANT USAGE ON SCHEMA analytics TO PUBLIC;

Expected Output Using SQL PUBLIC

After the GRANT, every present and future user can perform the specified action on the object
After the REVOKE, the action is no longer permitted unless granted through another role

Use Cases with SQL PUBLIC

Quickly open read-only access on reference tables to the whole organization
Grant CONNECT or USAGE on commonly shared schemas without managing many individual roles
Provide execute permission on safe helper functions to all analysts
Simplify onboarding by pre-granting minimal rights via PUBLIC

Common Mistakes with SQL PUBLIC

Assuming PUBLIC grants are harmless and over-granting sensitive permissions
Forgetting that future users also inherit PUBLIC privileges, causing silent exposure later
Trying to DROP or ALTER the PUBLIC role (not allowed)
Believing REVOKE FROM PUBLIC removes rights already granted individually (it only removes the PUBLIC-based grant)

First Introduced In

SQL-92 standard (GRANT/REVOKE syntax)

Frequently Asked Questions

What is the PUBLIC role in SQL?

PUBLIC is a built-in role that every database user belongs to automatically. Grants to PUBLIC apply to all users without listing them individually.

Is granting to PUBLIC considered secure?

It depends on the privilege. Read-only access to harmless lookup tables is usually fine. Granting write, delete, or administrative rights to PUBLIC can expose critical data or bypass security controls.

Can I remove or rename PUBLIC?

No. PUBLIC is hard-coded in the database system. You can only control which privileges it holds, not its existence or name.

How do I see what PUBLIC can do?

Query the system catalogs for privileges where grantee = 'PUBLIC' (PostgreSQL) or use each dialect's metadata views to list PUBLIC grants.