This recipe answers the question "How do I make sure that the user X cannot access the table Y?"
The current user must either be a superuser, the owner of the table, or must have a
GRANT option for the table.
Also, you can't revoke rights from a user who is a superuser.
To revoke all rights to table
mysecrettable from user
userwhoshouldnotseeit, one must run the following SQL command:
REVOKE ALL ON mysecrettable FROM userwhoshoudnotseeit;
However, because the table is usually also accessible to all users through role
PUBLIC, the following must also be run:
REVOKE ALL ON mysecrettable FROM PUBLIC;
By default all users have a set of rights (SELECT,
INSERT, UPDATE, DELETE, TRUNCATE, ...