The

The TO clause specifies the users, roles, and other database objects that are to be granted the privileges enumerated in privileges.The clause is mandatory.

The optional USER keyword in the TO clause allow you to specify exactly who or what is granted the privilege.If a USER (or ROLE) keyword is not specified, the server first checks for a role with this name and, if there is no such role, the privileges are granted to the user with that name without further checking.

A role is a “container” object that can be used to package a collection of privileges.Use of the role is then granted to each user or role that requires those privileges.A role can also be granted to a list of users or roles.

The role must exist before privileges can be granted to it.See CREATE ROLE for the syntax and rules.The role is maintained by granting privileges to it and, when required, revoking privileges from it.When a role is dropped  — see DROP ROLE — all users lose the privileges acquired through the role.Any privileges that were granted additionally to an affected user by way of a different grant statement are retained.

Unless the role is granted as a default role, a user that is granted a role must explicitly specify that role, either with their login credentials or activating it using SET ROLE, to exercise the associated privileges.Any other privileges granted to the user or received through default roles are not affected by explicitly specifying a role.

More than one role can be granted to the same user.Although only one role can be explicitly specified, multiple roles can be active for a user, either as default roles, or as roles granted to the current role.

A role can be granted to a user or to another role.