Data Control Language
Data Control Language (DCL) is a subset of SQL used to control access to data stored in a relational database management system.
DCL commands are primarily concerned with granting or revoking privileges on database objects such as tables, views, and schemas.
DCL commands
The two main DCL commands are:
-
GRANT
: This command is used to give specific privileges to users or roles; -
REVOKE
: This command is used to remove specific privileges from users or roles that have been previously granted.
Privileges
Objects
Implementation
To grant some privileges for an object in SQL for a particular user we can use the following statement:
sqlGRANT privilegesON objectTO {user | role | PUBLIC};
There are 3 types of roles in DB to which you can grant some privileges:
- user: An individual database user;
- role: A database role, a named group of privileges that can be assigned to users (e.g. admin, developer, analyst);
- PUBLIC: A special keyword that grants the specified privileges to all users.
We can grant a role to a user using the following statement:
sqlGRANT role TO user;
Finally, we can revoke previously granted privileges using the following statement:
sqlREVOKE privilegesON objectFROM {user | role | PUBLIC};
Example
Here are some examples of how to use the GRANT
command to assign different privileges on the bankaccounts and userlogs tables to different roles and users.
sql-- Create roleCREATE ROLE bank_manager;-- Grant privileges to bank_manager roleGRANT SELECT, INSERT, UPDATE, DELETE ON BankAccounts TO bank_manager;GRANT SELECT, INSERT ON UserLogs TO bank_manager;-- Create usersCREATE USER john WITH PASSWORD 'password123';CREATE USER jane WITH PASSWORD 'password456';-- Assign roles to usersGRANT bank_manager TO john;GRANT bank_manager TO jane;
Now we can revoke some of the granted privileges:
sql-- Revoke privileges from bank_manager roleREVOKE UPDATE, DELETE ON BankAccounts FROM bank_manager;REVOKE INSERT ON UserLogs FROM bank_manager;-- Revoke bank_manager role from johnREVOKE bank_manager FROM john;
Tak for dine kommentarer!