SQL Server Data Warehouse

SQL GRANT REVOKE Commands

SQL GRANT REVOKE Commands

DCL commands are used to enforce database security in a multiple user database environment. Two types of DCL commands are GRANT and REVOKE. Only Database Administrator’s or owner’s of the database object can provide/remove privileges on a database object.

SQL GRANT Command

SQL GRANT is a command used to provide access or privileges on the database objects to the users.

The Syntax for the GRANT command is:

GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];

  • privilege_name is the access right or privilege granted to the user. Some of the access rights are ALL, EXECUTE, and SELECT.
  • object_name is the name of an database object like TABLE, VIEW, STORED PROC and SEQUENCE.
  • user_name is the name of the user to whom an access right is being granted.
  • user_name is the name of the user to whom an access right is being granted.
  • PUBLIC is used to grant access rights to all users.
  • ROLES are a set of privileges grouped together.
  • WITH GRANT OPTION – allows a user to grant access rights to other users.

For Example:

GRANT SELECT ON employee TO user1;

This command grants a SELECT permission on employee table to user1.

You should use the WITH GRANT option carefully because for example if you GRANT SELECT privilege on employee table to user1 using the WITH GRANT option, then user1 can GRANT SELECT privilege on employee table to another user, such as user2 etc.

Later, if you REVOKE the SELECT privilege on employee from user1, still user2 will have SELECT privilege on employee table.