Differences between REVOKE and GRANT in SQL

24 Sep 2023

DatabaseSecurity

SQL is a powerful language for managing database security. Two key commands for granting and revoking privileges are REVOKE and GRANT. While these commands may seem similar at first glance, they serve distinct purposes in SQL. In this blog post, we will explore the differences between REVOKE and GRANT and provide examples to illustrate their usage.

GRANT: Granting Privileges

The GRANT command is used to give users or roles specific privileges on database objects. These privileges can include SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, and many more. When a privilege is granted, the user or role gains the ability to perform the specified action on the specified object.

Here’s a basic syntax example for granting privileges:

GRANT privilege_name
ON object_name
TO user_or_role;

For instance, if we want to grant the SELECT privilege on a table called employees to a user named john, the SQL statement would look like this:

GRANT SELECT
ON employees
TO john;

REVOKE: Revoking Privileges

On the other hand, the REVOKE command is used to remove or withdraw previously granted privileges from users or roles. It allows the database administrator to tighten security by revoking privileges that are no longer necessary or should not be granted anymore.

The syntax for revoking privileges with the REVOKE command is as follows:

REVOKE privilege_name
ON object_name
FROM user_or_role;

For example, let’s revoke the previously granted SELECT privilege on the employees table from the user john:

REVOKE SELECT
ON employees
FROM john;

Understanding the Differences

The key distinction between GRANT and REVOKE is that GRANT gives privileges to users or roles, while REVOKE takes away those privileges.

When using GRANT, you provide the specific privileges you want to grant, the object on which the privileges will apply, and the target user or role. Conversely, with REVOKE, you specify the privileges you want to revoke, the object from which the privileges will be revoked, and the user or role from which the privileges will be removed.

It’s important to note that REVOKE only removes the specified privileges and not any other privileges the user or role may have.

Conclusion

In summary, both REVOKE and GRANT commands play crucial roles in managing database security. While GRANT grants specific privileges to users or roles, REVOKE revokes those privileges from them. Understanding the differences between these commands is essential for effectively controlling access to your SQL database.

#SQL #DatabaseSecurity