Data Control Language

Data Control Language (DCL):

These SQL commands are used to implement security on database objects such as tables, views, and stored procedures. DCL commands enforce database security in a multi-user database environment. Only the Database Administrators of the database object can provide or remove privileges on a database object. The DCL statements are:

•    Grant

•    Revoke

•    Deny

GRANT:

SQL GRANT is a command used to provide access or privileges on the database objects to the users.

Syntax:

GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];

•    privilege_name is the access right or privilege granted to the user. Some of the access rights are ALL, EXECUTE, and SELECT.

•    object_name is the name of a database object like TABLE, VIEW, STORED PROC and SEQUENCE.

•    user_name is the name of the user to whom an access right is being granted.

•    PUBLIC is used to grant access rights to all users.

•    role_name is the name of a role. Roles are a set of privileges grouped together.

•    WITH GRANT OPTION - allows a user to grant access rights to other users.

Example: GRANT SELECT ON employee TO user1;

This command grants SELECT permission on the employee table to user1. Use WITH GRANT OPTION carefully: if you GRANT the SELECT privilege on the employee table to user1 using WITH GRANT OPTION, then user1 can GRANT the SELECT privilege on the employee table to another user, such as user2.

REVOKE:

The REVOKE command removes user access rights or privileges to the database objects.

Syntax:

REVOKE privilege_name
ON object_name
FROM {user_name |PUBLIC |role_name};

Example: REVOKE SELECT ON employee FROM user1;

This command revokes the SELECT privilege on the employee table from user1. When you REVOKE the SELECT privilege on a table from a user, the user will no longer be able to SELECT data from that table. You cannot REVOKE privileges that were not initially granted by you.

DENY:

The DENY command is used to deny permissions to a user.

Syntax:

DENY {ALL | permission_name}
ON object_name
TO user_name;

Example:

DENY UPDATE
ON customer
TO Srinivas;
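
The following script is an added example, not part of the original article. It walks through the WITH GRANT OPTION chain described under GRANT, an audit query that shows who granted what, and how REVOKE and DENY interact with it. It assumes Microsoft SQL Server (T-SQL), where DENY is available; the role hr_readers, the table columns and the users created WITHOUT LOGIN are constructed for the example.

```sql
-- Constructed test objects: a table, two users with no login, one role.
CREATE TABLE dbo.employee (id INT PRIMARY KEY, name NVARCHAR(50), salary MONEY);
CREATE USER user1 WITHOUT LOGIN;
CREATE USER user2 WITHOUT LOGIN;
CREATE ROLE hr_readers;

-- 1. user1 receives SELECT together with the right to pass it on.
GRANT SELECT ON dbo.employee TO user1 WITH GRANT OPTION;

-- 2. Acting as user1, re-grant SELECT to user2. No administrator is involved.
EXECUTE AS USER = 'user1';
GRANT SELECT ON dbo.employee TO user2;
REVERT;

-- 3. Audit: list every permission on the table with grantee and grantor.
--    Rows whose state_desc is GRANT_WITH_GRANT_OPTION mark principals that
--    can extend access on their own; rows whose grantor is not an
--    administrator are re-grants made through that option.
SELECT grantee.name      AS grantee,
       grantor.name      AS grantor,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS grantee
  ON grantee.principal_id = p.grantee_principal_id
JOIN sys.database_principals AS grantor
  ON grantor.principal_id = p.grantor_principal_id
WHERE p.class = 1                                -- object or column
  AND p.major_id = OBJECT_ID('dbo.employee');

-- 4. A permission held WITH GRANT OPTION has to be revoked with CASCADE,
--    which also removes the grants user1 handed out (user2's SELECT here).
REVOKE SELECT ON dbo.employee FROM user1 CASCADE;

-- 5. DENY takes precedence over a GRANT inherited through a role.
GRANT SELECT ON dbo.employee TO hr_readers;
ALTER ROLE hr_readers ADD MEMBER user2;
DENY SELECT ON dbo.employee TO user2;

-- Check the effective permission as user2 (1 = allowed, 0 = not allowed).
EXECUTE AS USER = 'user2';
SELECT HAS_PERMS_BY_NAME('dbo.employee', 'OBJECT', 'SELECT') AS can_select;
REVERT;

-- Clean up the constructed objects.
DROP TABLE dbo.employee;
DROP USER user1;
DROP USER user2;
DROP ROLE hr_readers;
```

Run it in a scratch database; rerunning the audit query from step 3 after steps 4 and 5 shows how the permission rows change.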
