PM & AI Chronicles

From Product Thinking to Prompt Engineering – One Tool at a Time

Working With Databases 🛢️: Understanding Access & Permissions 🛂 🎫

A Look Inside Access & Permissions: How Databases Protect Data Through Roles 🛡️🔒👤

This article is part of the Database Fundamentals Series — where we break down what databases are, how they store information, and how data is organized, accessed, and used behind the scenes. 👉 — Database Fundamentals: Foundation of Data Storage

Having a database is great—but it won’t do you much good unless you actually know how to get data into it and pull data out of it. Databases are built to store vast amounts of information, and because of that, they need to be as easy, controlled, and safe as possible to perform two basic tasks:

  • Inputting data — adding, updating, or modifying what’s inside
  • Extracting data — retrieving exactly what you need without getting lost in a sea of records

But here’s the catch:
Not everyone should be able to do everything. Just like you wouldn’t give every person in an office a master key to every room, a database also needs a system of permissions—deciding who can access what and how much they’re allowed to do.

In this article, we’ll break down how database access works and how permissions control what each user can do. Let’s look at those details below.

Understanding Access to a Database 🛂👤

Before working with permissions, it helps to understand the different ways users can access a database. Access simply means how someone gets into the database to view, add, or modify data. Depending on the need, there are several methods—ranging from very simple, hands-on approaches to more automated or controlled ones.

Below, we’ll walk through each type of access so you can see how they differ and when each one is useful.

Manual Access — Directly Opening the Database Tables 🖐️

Manual access means accessing the tables of a database directly to view or change data. If a user only needs to update a few cells here and there, this method works just fine—almost like using a spreadsheet. You click into a cell, type the new value, and you’re done.

But if you need to change thousands or millions of cells, manual access becomes slow, risky, and inefficient. That’s when automated methods or queries become essential.

Here’s what manual access typically looks like:

Direct Access — Connecting Straight to the Database Over a Network

Some people use the term direct access to mean the same thing as manual access. But many others use the term differently.

In this second meaning, direct access refers to accessing the database across a network connection, without opening the database application manually. Instead, a remote computer connects straight to the data tables using an interface such as:

  • ODBC (Open Database Connectivity)
  • JDBC (Java Database Connectivity)

Using one of these links, the remote system establishes a connection to the database server. Once connected, it can read or modify the data directly in the tables, just as if it were sitting next to the database.

This method is fast and powerful—but it relies heavily on proper permissions and secure configuration, since it exposes the raw data tables to applications across the network.

Programming Access — Letting Code Talk to the Database 💻

Programming access means a program is the one talking to the database, instead of a person clicking around. The program sends instructions to the database to do things like:

  • Get some data
  • add new data
  • update something
  • delete something

The most common language used for this is SQL, which is specially designed for working with databases.

But programming access can go a step further: A program might first connect to the database using something like ODBC, and then send SQL commands through that connection.

Think of it like this: Instead of a person opening the database and typing something, the program does it automatically. This makes it great for apps, websites, automation, and anything that needs database info without human involvement.

User Interface & Utility Access — Using Screens Instead of Tables: 🖥️

Not everyone needs (or wants) to open the database tables directly. That’s where user interfaces and utilities come in. Instead of touching the raw tables, users can work with a graphical screen—something much easier and safer. These screens can be:

  • built into the database software
  • or created separately by developers

A very common example is a form. Forms are simple windows that let users enter or edit data without ever opening the table itself.

For example:

  • A company might have a “New Product” form. The user fills in the fields (name, price, description), clicks save, and the form quietly writes that data into the database behind the scenes.
  • A developer might build a web-based signup page. When a customer enters their info, the webpage sends the details to the database—again, without exposing the actual table.

This makes data entry safer, easier, and more controlled, especially when many people are using the system.

Understanding Database Permissions — Controlling Who Can Do What 🔐 🛂

When you create a database or a table, one of the most important steps is ensuring the appropriate security settings are in place.

Databases often hold sensitive information—customer details, personal data, financial records, or important business data. Leaving a database wide open is like leaving the front door of a company unlocked. Not good.

Every database system (DBMS) has its own way of handling permissions, but the idea is always the same: control who can access what, and what they’re allowed to do. In general, permissions are grouped into three levels:

Server Permissions 🖥️

  • These apply to the entire database server.
  • Only admins usually get these because they affect all databases on that server.
  • They’re sometimes called global permissions.

Database Permissions 🛢️

  • These apply to one specific database.
  • Anyone with these permissions can access everything in that database (unless more limits are added).
  • Some systems allow these to be global too, but usually they stay within one DB

Object Permissions 🗄️

These are the smallest and most specific permissions. They apply to individual items such as:

  • tables
  • views
  • forms
  • indexes
  • macros or modules

These control what a user can do with each specific object.

Permissions Are Hierarchical 🌳

Permissions flow from the top down:

  • If you set a permission on a database, it automatically applies to all tables in that database.
  • If you set a permission on a table, it applies to everything inside that table.

Think of it like giving someone a key to a room—they automatically have access to everything inside that room.

Roles — The Smarter Way to Manage Permissions 👥

Yes, you can assign permissions to individual user accounts. But in real life, that becomes messy very quickly.

Imagine having 100 users and needing to change one permission. You’d have to update all 100 accounts individually. Not fun—and not safe.

Instead, databases use roles.

A role is simply a group with a set of permissions. You give permissions to the role, and then you add users to that role. This way:

  • you manage permissions in one place,
  • users automatically inherit the permissions of their role,
  • and security stays clean and easy to maintain.

Most DBMSs have two broad types:

Server-Wide Roles 🖥️

These are the highest-level roles and affect the entire database server. Users with these roles can manage all databases on that server.

This level of access is extremely powerful, so it should be limited to only a few trusted administrators.

Database Roles

These have a smaller scope. They apply only to one specific database and control what users can do inside that database.

Most day-to-day users fall under these roles. Predefined Database Roles

RoleAccess level
db_ownerFull access (read, write, delete, back up)
db_datareaderRead data
db_datawriterAdd, delete, or modify data
db_backupoperatorBack up the database
db_denydatareaderCan’t view data
db_denydatawriterCan’t add, delete, or modify data

The Public Role — Why It Exists and Why It’s Risky 👤

Most database systems include a built-in role called public. Every time a new user is added to the database, they are automatically assigned to this role.

Here’s what that means:

  • If a user has not been explicitly granted or denied permissions, they will inherit the permissions of the public role.
  • By default, the public role can usually view the database.

This might sound convenient, but it can become a major security risk because anyone added to the database automatically inherits whatever access the public has. For this reason, most security experts recommend:

  • Do not rely on the public role.
  • Remove unnecessary permissions from public.
  • Create custom roles for people who need access.
  • Add users to those roles instead.

This ensures users get only the access they actually need—and nothing more.

Managing Permissions with GRANT, DENY, and REVOKE 🔧

Databases use three basic commands to control what a user is allowed to do. Think of them as yes, no, and erase.

GRANT — “Yes, you can do this.” ✔️

This command permits someone. Examples:

  • Allow a user to read data
  • Allow them to add or update records
  • Allow them to back up the database

GRANT = Give permission

DENY — “No, you are NOT allowed.”

This blocks a permission, even if another role would normally allow it. For example:

  • If a user is in a group that can read data,
  • but you DENY them read access,
  • they still cannot read the data.

DENY always wins over GRANT. DENY = Block permission

REVOKE — “Erase the rule.” 🚫

This removes a previous GRANT or DENY. It does not grant anything new—it simply wipes the rule away.

After REVOKE, the user only has the permissions granted by their roles.

REVOKE = Remove the permission rule

Here’s an easy way to remember them: ⭐

CommandMeaningExample
GRANT“Yes, allow it.”Let a user read data.
DENY“No, block it.”Stop a user from deleting data, even if their role allows it.
REVOKE“Remove the rule.”Erase any special allow/deny settings for that user.

Wrapping Up 🧭

Access and permissions are the heart of working with databases. Understanding how users get into a database—and what they’re allowed to do once inside—helps keep your data both useful and protected. From simple manual access to secure roles and permissions, each method plays a part in managing data safely and efficiently.

Now that you understand how users access a database and how permissions keep everything secure, the next article will take you one step deeper. We’ll look at SQL commands and basic syntax—the actual language used to talk to a database, retrieve information, and make changes safely and efficiently. 👉 SQL Syntax