Logo

dev-resources.site

for different kinds of informations.

A Guide to Manage Access in SQL - GRANT, REVOKE, and Access Control

Published at
1/6/2025
Categories
sql
database
tutorial
data
Author
luca1iu
Main Article
https://dev.to/luca1iu/a-guide-to-manage-access-in-sql-grant-revoke-and-access-control-48d0
Categories
4 categories in total
sql
open
database
open
tutorial
open
data
open
Author
7 person written this
luca1iu
open
A Guide to Manage Access in SQL - GRANT, REVOKE, and Access Control

Introduction

In SQL, controlling access to database objects is crucial for ensuring data security and managing permissions effectively. SQL provides a robust mechanism for granting and revoking access rights to users and roles. In this article, we’ll explore key commands like GRANT, REVOKE, and CREATE ROLE, along with practical examples.

Why Access Control is Important

Access control allows database administrators to:

  • Protect sensitive data by restricting access.
  • Ensure compliance with organizational policies.
  • Minimize the risk of accidental or malicious modifications.

Key Commands for Access Control

1. GRANT: Giving Permissions
The GRANT command is used to assign specific permissions to users or roles.

2. REVOKE: Revoking Permissions
The REVOKE command removes previously granted permissions from users or roles.

3. CREATE ROLE: Creating a Group of Permissions
A role is a named group of permissions that can be granted to multiple users.

Sample Database: Employees Table

We’ll use the following table for examples:

CREATE TABLE Employees (
    EmployeeID INT PRIMARY KEY,
    Name VARCHAR(50),
    Position VARCHAR(50),
    Salary DECIMAL(10, 2),
    Department VARCHAR(50)
);
Enter fullscreen mode Exit fullscreen mode

Example 1: Granting Permissions to a User

Scenario: Allow the user John to view data in the Employees table.

GRANT SELECT ON Employees TO John;
Enter fullscreen mode Exit fullscreen mode

Effect: User John can now query the Employees table.

Verification:

-- As John
SELECT * FROM Employees;
Enter fullscreen mode Exit fullscreen mode

Example 2: Granting Multiple Permissions

Scenario: Allow the user Jane to both view and insert data into the Employees table.

GRANT SELECT, INSERT ON Employees TO Jane;
Enter fullscreen mode Exit fullscreen mode

Effect: User Jane can read data and add new rows to the Employees table.

Verification:

-- As Jane
INSERT INTO Employees (EmployeeID, Name, Position, Salary, Department)
VALUES (6, 'Anna', 'Tester', 60000, 'QA');
SELECT * FROM Employees;
Enter fullscreen mode Exit fullscreen mode

Example 3: Creating and Assigning a Role

Scenario: Create a role HR_Manager that can view and update employee salaries, and assign it to the user Sarah.

-- Step 1: Create the role
CREATE ROLE HR_Manager;

-- Step 2: Grant permissions to the role
GRANT SELECT, UPDATE(Salary) ON Employees TO HR_Manager;

-- Step 3: Assign the role to Sarah
GRANT HR_Manager TO Sarah;
Enter fullscreen mode Exit fullscreen mode

Effect: User Sarah can now query the Employees table and update the Salary column.

Verification:

-- As Sarah
UPDATE Employees
SET Salary = Salary * 1.10
WHERE EmployeeID = 3;
SELECT * FROM Employees;
Enter fullscreen mode Exit fullscreen mode

Example 4: Revoking Permissions

Scenario: Revoke the INSERT permission from Jane.

REVOKE INSERT ON Employees FROM Jane;
Enter fullscreen mode Exit fullscreen mode

Effect: User Jane can no longer add rows to the Employees table.

Verification:

-- As Jane
INSERT INTO Employees (EmployeeID, Name, Position, Salary, Department)
VALUES (7, 'Mark', 'Developer', 75000, 'IT'); -- This will now fail
Enter fullscreen mode Exit fullscreen mode

Example 5: Managing Permissions Hierarchically

Scenario: Grant all permissions on the database to the Admin role and assign it to Michael.

-- Step 1: Grant all permissions to the role
GRANT ALL PRIVILEGES ON DATABASE my_database TO Admin;

-- Step 2: Assign the role to Michael
GRANT Admin TO Michael;
Enter fullscreen mode Exit fullscreen mode

Effect: User Michael can now perform any operation on the my_database.

Verification:

-- As Michael
DROP TABLE Employees; -- This will succeed
Enter fullscreen mode Exit fullscreen mode

Example 6: Revoking a Role

Scenario: Remove the HR_Manager role from Sarah.

REVOKE HR_Manager FROM Sarah;
Enter fullscreen mode Exit fullscreen mode

Effect: User Sarah loses all permissions associated with the HR_Manager role.

Best Practices for Access Control

  1. Follow the Principle of Least Privilege:Grant only the permissions users need to perform their tasks.
  2. Use Roles for Simplification:Group permissions into roles and assign them to users instead of granting permissions individually.
  3. Regularly Audit Permissions:Periodically review user permissions and revoke any unnecessary access.
  4. Document Access Policies:Maintain a record of permissions granted to users and roles.

Summary of Commands

Command Description
GRANT Grants specific permissions to a user or role.
REVOKE Revokes previously granted permissions.
CREATE ROLE Creates a named group of permissions.
GRANT role_name TO user_name Assigns a role to a user.

By mastering these commands, you can ensure that your database is secure and access is appropriately controlled. Practice these examples to understand how SQL handles access management!

Explore more

luca1iu image

Luca Liu

Hello there! πŸ‘‹ I'm Luca, a Business Intelligence Developer with passion for all things data. Proficient in Python, SQL, Power BI, Tableau, SAP Business Objects.

Thank you for taking the time to explore data-related insights with me. I appreciate your engagement.

πŸš€ Connect with me on LinkedIn

sql Article's
30 articles in total
Favicon
SQL Performance Tuning: Best Practices for Faster Queries
Favicon
Simple SQL Generator using AWS Bedrock
Favicon
Uses of Snowflake Schema
Favicon
Why Successful Companies Don't Have DBAs
Favicon
Explaining DELETE vs DROP vs TRUNCATE in SQL
Favicon
Like IDE for SparkSQL: Support Pycharm! SparkSQLHelper v2025.1.1 released
Favicon
PostgreSQL plan_cache_mode
Favicon
Primeiros Passos no PostgreSQL: Um Guia Completo para Iniciantes
Favicon
SQL Injection - In Just 5 Minutes!
Favicon
What are the benefits of using bounded quantifiers in regex
Favicon
Find logged Microsoft SQL Server Messages
Favicon
RAG - Creating the SQLite database and config file
Favicon
Front-End to Full-Stack Journey Part 3: Server Proxies, React and Progress
Favicon
How to Simplify Oracle Databases with a GUI Tool
Favicon
Mastering SQL Joins - Inner, Outer, Cross, and Self-Joins with Examples
Favicon
SQL 101 | Chapter 3: Mastering Data Retrieval with SELECT Statements
Favicon
Observability 2.0 - The Best Thing Since Sliced Bread
Favicon
Bringing Together Containers & SQL
Favicon
Advanced PostgreSQL Development with pgx in Go: A Deep Dive
Favicon
A Guide to Manage Access in SQL - GRANT, REVOKE, and Access Control
Favicon
Explaining Relation and Data Independence in SQL
Favicon
Supercharge Your Go Database Layer with sqlc: Type-Safe SQL Made Easy
Favicon
A Quick Guide to SQL Data Modification Commands with Examples
Favicon
Search for the closest matching record within the group:From SQL to SPL
Favicon
Mastering SAP SD: Streamlining Sales and Distribution
Favicon
To work with an actual SQL Server, you'll need to install and set up the SQL Server environment, create a database, and then interact with it using SQL queries. Here's a step-by-step guide: 1. Install SQL Server Read more
Favicon
SQL VS NoSQL
Favicon
This Is Probably the Most Perfect Programming for Solving SQL Data Analysis Pain Points
Favicon
Subqueries
Favicon
Calculate monthly account balance and fill in missing dates:From SQL to SPL

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech