Why is "Deny" used in the data management language?

Question

Why is "Deny" used in the data management language?

I recently started to learn the basics of SQL and while I was looking for a data manipulation language, data management language, data definition language, something didn't make sense.

As I understand it, Data Control Language has 3 keywords: Grant, Deny, Revoke.

A “grant” allows specified users to do certain things. "Cancel" destroys any security permission specified by the specified users.

However, I do not understand, this is "Deny."

If users do not have access (Is there a special term for computer science?) To a specific database at the beginning, why would a programmer who develops a database would "Deny" that the user is allowed on this database? It does not make sense.

Can someone tell me why and where to use "Deny"?

+4

sql

fahrettinpercin Jul 19 '13 at 14:10

source share

2 answers

Odded · Answer 1 · 2013-07-19T14:13:21+0000

Deny - as in the case of "deny access".

This means that obviously does not allow someone to do something. This is not the same as granting access and taking away access to this grant and review, respectively.

Note that you can provide group access to a schema, but for a subset of this group you want to deny access to a subset of the tables defined in the schema. "deny" gives you a way to do this.

Guanxi · Answer 2 · 2013-07-19T14:17:22+0000

The DENY command can be used to explicitly prevent a user from obtaining a specific permission.

This is useful when a user can be a member of a role or group that has been granted permission, and you want that user to not inherit permission by throwing an exception.

Why is "Deny" used in the data management language?

More articles: