eslint-plugin-postgresql
All rules

Security

postgresql/no-grant-to-public

Avoid GRANT ... TO PUBLIC.

  • Type problem
  • Recommended warn
  • Fixable no

Why this matters

The PUBLIC pseudo-role covers every current and future role in the database. Privilege grants should name roles explicitly. `REVOKE ... FROM PUBLIC` is unaffected — revoking implicit grants is good hygiene.

Examples

Incorrect

Incorrect 
GRANT SELECT ON users TO PUBLIC;

Correct

Correct 
GRANT SELECT ON users TO reporting;
Correct 
REVOKE ALL ON users FROM PUBLIC;

Configure it

// eslint.config.js
import postgresql from "eslint-plugin-postgresql";

export default [
  {
    files: ["**/*.sql"],
    languageOptions: {
      parser: postgresql.configs.recommended.languageOptions.parser,
    },
    plugins: { postgresql },
    rules: {
      "postgresql/no-grant-to-public": "warn",
    },
  },
];

Options

This rule has no options.

Try this rule

Edit the SQL — only no-grant-to-public is enabled.

Pre-filled with the first incorrect example. Toggle off in the rule shelf to see how the diagnostic disappears.

0 errors 0 warnings parse 0ms · rules 0ms
Diagnostics

No issues found.

2 rules enabled.

Rule under test no-grant-to-public — plus no-syntax-error as a safety net.
eslint-plugin-postgresql

An ESLint plugin that lints .sql files with real PostgreSQL grammar and a curated set of best-practice rules.

Project
Resources
© 2026 eslint-plugin-postgresql contributors Built on libpg-query · PostgreSQL 17