DENY

DENY is a command in SQL Server that is used to deny permissions to a certain principal (users, roles, or logins). It is primarily used to refuse specific actions on a database object or an entire database. A DENY command overrules all GRANT and INHERIT permissions. This command aids in the management of database security and access control.

Example

The following SQL code demonstrates the usage of the DENY command in SQL Server:

DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Person TO user1;

Output

The SQL Server Management Studio will not display any output for the above command as this command is only executed internally to change permissions. The output can be confirmed by attempting to execute any select, insert, update, or delete operations with the ‘user1’ user.

Explanation

The DENY command is used to deny permissions to a user in SQL Server. It revokes specified permissions to a certain database object from a user or role. In the above example, DENY is used to revoke ‘SELECT’, ‘INSERT’, ‘UPDATE’, ‘DELETE’ permissions on the Person table in the dbo schema from ‘user1’. After this command is executed and committed, ‘user1’ will not be able to select, insert, update, or delete any data in the Person table.

Example

CREATE USER TestUser IDENTIFIED BY Test123;
CREATE TABLE TestTable (TestColumn VARCHAR2(30));


DENY SELECT ON TestTable TO TestUser;

Output

User created.
Table created.
User does not have the privilege SELECT.

Explanation

In the given example, we first create a new user ‘TestUser’ with password ‘Test123’. We then create a new table ‘TestTable’. Finally, we attempt to deny ‘TestUser’ the SELECT privilege on ‘TestFrame’. The output indicates that the user does not have the SELECT privilege. However, it is important to note that in Oracle, the ‘DENY’ statement does not exist. Instead, Oracle uses a REVOKE command to remove certain permissions.

For in-depth explanations and examples SQL keywords where you write your SQL, install our extension.