SQL DCL Commands

The GRANT statement assigns privileges on database objects (tables, views, procedures, etc.) to users or roles.

GRANT privilege_list
ON object_name
TO user_or_role
[WITH GRANT OPTION];

Parameters:

• privilege_list — one or more privileges (SELECT, INSERT, UPDATE, DELETE, REFERENCES, EXECUTE, etc.)
• object_name — the object to which the privilege applies (e.g., schema.table)
• user_or_role — the user account or role receiving the privileges
• WITH GRANT OPTION — optional; allows the grantee to grant the same privilege to others

-- Grant SELECT on the users table to user 'amit'
GRANT SELECT ON hr.users TO amit;

-- Grant INSERT and UPDATE on a table to a role
GRANT INSERT, UPDATE ON sales.orders TO sales_clerks;

-- Grant all typical table privileges (varies by RDBMS)
GRANT ALL ON shop.products TO data_admin WITH GRANT OPTION;

Tip: Best practice is to grant the minimum privileges required (principle of least privilege) and prefer roles (groups) over granting to individual users.

The REVOKE statement removes previously granted privileges from a user or role.

REVOKE privilege_list
ON object_name
FROM user_or_role;

-- Revoke SELECT privilege from user 'amit'
REVOKE SELECT ON hr.users FROM amit;

-- Revoke INSERT and UPDATE from a role
REVOKE INSERT, UPDATE ON sales.orders FROM sales_clerks;

Revoking a privilege may cascade depending on the database and whether the grantee used WITH GRANT OPTION to grant it further.

Exact privilege names and behavior can vary slightly between databases (Oracle, MySQL, PostgreSQL, SQL Server). Always check your RDBMS documentation for specifics.