You can assign specific permissions to specific users, or, if most users are going to be granted most privileges, it may be easier to assign all permissions to all users, and then revoke specific permissions from specific users.
For example, a Database Owner can grant all permissions on the titles table to all users by issuing:
grant all on titles to public
The Database Owner can then issue a series of revoke statements, for example:
revoke update on titles (price, advance) from public
revoke delete on titles from mary, sales, john
grant and revoke statements are order-sensitive: in case of a conflict, the most recently issued statement supersedes all others.
Under SQL rules, you must use the grant command
before using the revoke command, but the two
commands cannot be used within the same transaction. Therefore,
when you grant “public” access to objects, and
then revoke that access from an individual, there is a short period
of time during which the individual has access to the objects in
question. To prevent this situation, use the create schema command
to include the grant and revoke clauses
within one transaction.
