msbi

SQL GRANT REVOKE Commands

DCL (Data Control Language) commands are used to enforce database security in a multi-user database environment. The two DCL commands are GRANT and REVOKE. Only database administrators or the owner of a database object can provide or remove privileges on that object.

SQL GRANT Command

SQL GRANT is a command used to provide access or privileges on the database objects to the users.

The Syntax for the GRANT command is:

GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];

  • privilege_name is the access right or privilege granted to the user. Some of the access rights are ALL, EXECUTE, and SELECT.
  • object_name is the name of a database object such as a TABLE, VIEW, STORED PROC or SEQUENCE.
  • user_name is the name of the user to whom an access right is being granted.
  • PUBLIC is used to grant access rights to all users.
  • role_name is the name of a role. ROLES are a set of privileges grouped together.
  • WITH GRANT OPTION allows a user to grant access rights to other users.

For Example:

GRANT SELECT ON employee TO user1;

This command grants SELECT permission on the employee table to user1.

Use WITH GRANT OPTION carefully. For example, if you GRANT the SELECT privilege on the employee table to user1 using WITH GRANT OPTION, then user1 can GRANT the SELECT privilege on the employee table to another user, such as user2.

Later, if you REVOKE the SELECT privilege on employee from user1, user2 will still have the SELECT privilege on the employee table.
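
To see which privileges were passed on through WITH GRANT OPTION before revoking anything, the permission catalog can be queried. The following is an added example, not part of the original page: it is T-SQL for SQL Server, and the users user1 and user2 (created WITHOUT LOGIN), the dbo.employee column list and the scratch database it runs in are assumptions.

```sql
-- Added example (T-SQL, SQL Server). user1, user2 and dbo.employee are
-- constructed for illustration; run this in a scratch database.
CREATE TABLE dbo.employee (id INT PRIMARY KEY, name NVARCHAR(100));
CREATE USER user1 WITHOUT LOGIN;
CREATE USER user2 WITHOUT LOGIN;
GO

-- The owner delegates SELECT, including the right to pass it on.
GRANT SELECT ON dbo.employee TO user1 WITH GRANT OPTION;
GO

-- user1 uses the delegated right to grant SELECT to user2.
EXECUTE AS USER = 'user1';
GRANT SELECT ON dbo.employee TO user2;
REVERT;
GO

-- Audit: every permission on the table, who holds it, who granted it,
-- and whether the holder may re-grant it
-- (state 'W' = GRANT_WITH_GRANT_OPTION).
SELECT  OBJECT_SCHEMA_NAME(p.major_id) AS schema_name,
        OBJECT_NAME(p.major_id)        AS object_name,
        p.permission_name,
        grantee.name                   AS grantee,
        grantor.name                   AS grantor,
        p.state_desc,
        CASE WHEN p.state = 'W' THEN 1 ELSE 0 END AS can_regrant
FROM    sys.database_permissions AS p
JOIN    sys.database_principals  AS grantee
        ON grantee.principal_id = p.grantee_principal_id
JOIN    sys.database_principals  AS grantor
        ON grantor.principal_id = p.grantor_principal_id
WHERE   p.class = 1                              -- object or column level
  AND   p.major_id = OBJECT_ID(N'dbo.employee')
ORDER BY grantor.name, grantee.name;
GO

-- Remove user1's permission together with every grant user1 made from it.
REVOKE SELECT ON dbo.employee FROM user1 CASCADE;
GO
```

Rows whose grantor is not the object owner or an administrator are the grants that exist only because a grant option was delegated; re-running the audit query after the REVOKE confirms which of them remain.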

Create a Database by Script

SQL Server accepts Transact-SQL (which is an extended version of the SQL standard), so you could create the database by running the following SQL script.

USE master;
GO
CREATE DATABASE Music;
GO

To do this, open a new query by clicking New Query in the toolbar and run an SQL CREATE DATABASE statement.

Just as you can specify certain properties when creating a database via the GUI, you can include those same properties when creating a database by script. Here’s an example of specifying settings for the data and log files.

USE master ;
GO
CREATE DATABASE Music
ON
( NAME = Music_dat,
FILENAME = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\Music.mdf',
SIZE = 10,
MAXSIZE = 50,
FILEGROWTH = 5 )
LOG ON
( NAME = Music_log,
FILENAME = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\Music_log.ldf',
SIZE = 5MB,
MAXSIZE = 25MB,
FILEGROWTH = 5MB ) ;
GO

What is a NULL Value?

A field with a NULL value is a field with no value.

If a field in a table is optional, it is possible to insert a new record or update a record without adding a value to this field. Then, the field will be saved with a NULL value.

Note: It is very important to understand that a NULL value is different from a zero value or a field that contains spaces. A field with a NULL value is one that has been left blank during record creation!

What are the typical uses of service accounts in running SQL Server components?

Service accounts are all about security and access. For example, SQL Agent runs as a service, and it can (and should) be configured to run under a service account. Let’s assume that you use Agent to run backups, and that you back up to a shared file location on your network that’s not local to the machine you’re running SQL Agent on. You’ll need to ensure that the account configured for SQL Agent has access to that shared file location. While this may seem like work, what it is in fact doing is following the method of least access: the service account has to have access to that share, but it doesn’t need access to other file locations on your system, so you give it only what it needs and nothing more. The same applies to the other services and their service accounts.

For More Information www.sqlschool.com