DENY
DENY is a command in SQL Server that is used to deny permissions to a certain principal (users, roles, or logins). It is primarily used to refuse specific actions on a database object or an entire database. A DENY command overrules all GRANT and INHERIT permissions. This command aids in the management of database security and access control.
Example
The following SQL code demonstrates the usage of the DENY command in SQL Server:
Output
The SQL Server Management Studio will not display any output for the above command as this command is only executed internally to change permissions. The output can be confirmed by attempting to execute any select, insert, update, or delete operations with the ‘user1’ user.
Explanation
The DENY
command is used to deny permissions to a user in SQL Server. It revokes specified permissions to a certain database object from a user or role. In the above example, DENY
is used to revoke ‘SELECT’, ‘INSERT’, ‘UPDATE’, ‘DELETE’ permissions on the Person
table in the dbo
schema from ‘user1’. After this command is executed and committed, ‘user1’ will not be able to select, insert, update, or delete any data in the Person table.
Example
Output
Explanation
In the given example, we first create a new user ‘TestUser’ with password ‘Test123’. We then create a new table ‘TestTable’. Finally, we attempt to deny ‘TestUser’ the SELECT privilege on ‘TestFrame’. The output indicates that the user does not have the SELECT privilege. However, it is important to note that in Oracle, the ‘DENY’ statement does not exist. Instead, Oracle uses a REVOKE command to remove certain permissions.