SQL Data Control Language (DCL)
Introduction to DCL
- DCL stands for Data Control Language.
- DCL is used to control user access in a database.
- This command is related to the security issues.
- Using DCL command, it allows or restricts the user from accessing data in database schema.
DCL commands are as follows,
1. GRANT
2. REVOKE
- It is used to grant or revoke access permissions from any database user.
1. GRANT COMMAND
- GRANT command gives user's access privileges to the database.
- This command allows specified users to perform specific tasks.
Syntax:
GRANT <privilege list>
ON <relation name or view name>
TO <user/role list>;
Example : GRANT Command
GRANT ALL ON employee
TO ABC;
[WITH GRANT OPTION]
In the above example, user 'ABC' has been given permission to view and modify the records in the 'employee' table.
2. REVOKE COMMAND
- REVOKE command is used to cancel previously granted or denied permissions.
- This command withdraw access privileges given with the GRANT command.
- It takes back permissions from user.
Syntax:
REVOKE <privilege list>
ON <relation name or view name>
FROM <user name>;
Example : REVOKE Command
REVOKE UPDATE
ON employee
FROM ABC;
Difference between GRANT and REVOKE command.
GRANT | REVOKE |
---|
GRANT command allows a user to perform certain activities on the database. | REVOKE command disallows a user to perform certain activities. |
It grants access privileges for database objects to other users. | It revokes access privileges for database objects previously granted to other users. |
Example:
GRANT privilege_name ON object_name TO
{ user_name|PUBLIC|role_name }
[WITH GRANT OPTION]; | Example:
REVOKE privilege_name ON object_name
FROM { user_name|PUBLIC|role_name } |