Movatterモバイル変換

[0]ホーム

Jump to content

Data control language

Edit links

From Wikipedia, the free encyclopedia

Instruction set which governs access to a database

This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Data control language" – news ·newspapers ·books ·scholar ·JSTOR(July 2016) (Learn how and when to remove this message)

Adata control language (DCL) is a syntax similar to a computerprogramming language used to control access to data stored in a database (authorization). In particular, it is a component ofStructured Query Language (SQL). Data Control Language is one of the logical group in SQL Commands.SQL^[1] is the standard language for relational database management systems. SQL statements are used to perform tasks such as insert data to a database, delete or update data in a database, or retrieve data from a database.

Though database systems use SQL, they also have their own additional proprietary extensions that are usually only used on their system. For example, Microsoft SQL server uses Transact-SQL (T-SQL), which is an extension of SQL. Similarly, Oracle uses PL-SQL, which an Oracle-specific SQL extension. However, the standard SQL commands such as "Select", "Insert", "Update", "Delete", "Create", and "Drop" can be used to accomplish almost everything that one needs to do with a database.

Examples of DCL commands include the SQL commands:

GRANT to allow specified users to perform specified tasks.
REVOKE to remove the user accessibility todatabase object.

The operations for which privileges may be granted to or revoked from a user or role apply to both theData definition language (DDL) and theData manipulation language (DML), and may includeCONNECT,SELECT,INSERT, UPDATE,DELETE,EXECUTE, andUSAGE.

Microsoft SQL Server

[edit]

InMicrosoft SQL Server there are four groups of SQL commands:^[2]

Data Manipulation Language (DML)
Data Definition Language (DDL)
Data Control Language (DCL)
Transaction Control Language (TCL)

DCL commands are used for access control and permission management for users in the database. With them we can easily allow or deny some actions for users on the tables or records (row level security).

DCL commands are:^[2]

GRANT: gives specified permissions for the table (and other objects) to, or assigns a specified role with certain permissions to, specified groups or users of a database;
REVOKE: takes away specified permissions for the table (and other objects) to, or takes away a specified role with certain permissions to, specified groups or users of a database;
DENY: denies a specified permission to a security object.

For example: GRANT can be used to give privileges to user to do SELECT, INSERT, UPDATE and DELETE on a specific table or multiple tables.

The REVOKE command is used to take a privilege away (default) or revoking specific command like UPDATE or DELETE based on requirements.

Example

[edit]

GrantSELECT,INSERT,UPDATE,DELETEonEmployeesToUser1RevokeINSERTOnEmployeesToUser1DenyUpdateOnEmployeestoUser1

In the first example, GRANT gives privileges to user User1 to do SELECT, INSERT, UPDATE and DELETE on the table named Employees.

In the second example, REVOKE removes User1's privileges to use the INSERT command on the table Employees.

DENY is a specific command. We can conclude that every user has a list of privilege which is denied or granted so command DENY is there to explicitly ban you some privileges on the database objects.:

Oracle Database

[edit]

Oracle Database divide SQL commands to different types. They are.

Data Definition Language (DDL) Statements
Data Manipulation Language (DML) Statements
Transaction Control Statements
Session Control Statements
System Control Statement
Embedded SQL Statements

For details referOracle-^[3]TCL

Data definition language (DDL) statements let you to perform these tasks:

Create, alter, and drop schema objects
Grant and revoke privileges and roles
Analyze information on a table, index, or cluster
Establish auditing options
Add comments to the data dictionary

So Oracle Database DDL commands include theGrant andrevoke privileges which is actually part of Data control Language in Microsoft SQL server.

Syntax for grant and revoke in Oracle Database:

Example

[edit]

GRANTSELECT,INSERT,UPDATE,DELETEONdb1.EmployeeTOuser1;REVOKESELECT,INSERT,UPDATE,DELETEONdb1.EmployeeFROMuser1;

Transaction Control Statements in Oracle

[edit]

Transaction control statements manage changes made by DML statements. The transaction control statements are:

COMMIT
ROLLBACK
SAVEPOINT
SET TRANSACTION
SET CONSTRAINT

MySQL

[edit]

MySQL server they divide SQL statements into different type of statement

Data Definition Statements
Data Manipulation Statements
Transactional and Locking Statements
Replication Statements
Prepared Statements
Compound Statement Syntax
Database Administration Statements
Utility Statements

For details referMySQL Transactional statements^[4]

The grant, revoke syntax are as part of Database administration statementsàAccount Management System.

The GRANT statement enables system administrators to grant privileges and roles, which can be granted to user accounts and roles. These syntax restrictions apply:

GRANT cannot mix granting both privileges and roles in the same statement. A given GRANT statement must grant either privileges or roles.
The ON clause distinguishes whether the statement grants privileges or roles:
With ON, the statement grants privileges
Without ON, the statement grants roles.
It is permitted to assign both privileges and roles to an account, but you must use separate GRANT statements, each with syntax appropriate to what is to be granted.

The REVOKE statement enables system administrators to revoke privileges and roles, which can be revoked from user accounts and roles.

Examples

[edit]

REVOKEINSERTON*.*FROM'jeffrey'@'localhost';REVOKE'role1','role2'FROM'user1'@'localhost','user2'@'localhost';REVOKESELECTONworld.*FROM'role3';GRANTALLONdb1.*TO'jeffrey'@'localhost';GRANT'role1','role2'TO'user1'@'localhost','user2'@'localhost';GRANTSELECTONworld.*TO'role3';

InPostgreSQL, executing DCL istransactional, and can be rolled back.

Grant andRevoke are the SQL commands are used to control the privileges given to the users in a Databases

SQLite does not have any DCL commands as it does not have usernames or logins. Instead, SQLite depends onfile-system permissions to define who can open and access a database.^[5]

References

[edit]

^"The SQL Standard – ISO/IEC 9075:2016 (ANSI X3.135) – ANSI Blog".The ANSI Blog. 2018-10-05. Retrieved2020-09-19.
^^a ^bLove, Aubrey (March 28, 2023)."SQL Clause, Statement, Command, Expression and Batch Defined".MSSQLTips. Retrieved2025-01-26.
^"Database SQL Language Reference".docs.oracle.com. Retrieved2020-09-19.
^"MySQL :: MySQL 8.0 Reference Manual :: 13.7.1 Account Management Statements".dev.mysql.com. Retrieved2020-09-19.
^Kreibich, J.A., 2010.Using SQLite, O’Reilly.

v t e Database management systems
Types	Object-oriented comparison Relational list comparison Key–value Column-oriented list Document-oriented Wide-column store Graph NoSQL NewSQL In-memory list Multi-model comparison Cloud Blockchain-based database
Concepts	Database ACID Armstrong's axioms Codd's 12 rules CAP theorem CRUD Null Candidate key Foreign key PACELC design principle Superkey Surrogate key Unique key
Objects	Relation table column row View Transaction Transaction log Trigger Index Stored procedure Cursor Partition
Components	Concurrency control Data dictionary JDBC XQJ ODBC Query language Query optimizer Query rewriting system Query plan
Functions	Administration Query optimization Replication Sharding
Related topics	Database models Database normalization Database storage Distributed database Federated database system Referential integrity Relational algebra Relational calculus Relational model Object–relational database Transaction processing
Category Outline