MIT 213 – DATA MANAGEMENT

TUTORIAL 7: Data Manipulation Language (DML) and Data Control

Language (DCL)

1 Introduction
Data Manipulation Language (DML) and Data Control Language (DCL) are two important
components of SQL (Structured Query Language) that are used to manage and control data in
a database system. Let's take a closer look at each of these components:
1.1 Data Manipulation Language (DML)
DML is a subset of SQL commands that deals with managing and manipulating data in the
database. It allows users to perform operations such as inserting, updating, deleting, and
retrieving data from database tables. Here are some commonly used DML commands:
• SELECT: This command is used to retrieve data or records from one or more tables in
the database.
• INSERT: It is used to insert one or more new records into a table in the database.
• UPDATE: This command is used to modify or change existing data or records in a table.
• DELETE: It is used to delete existing records from a table in the database.
• MERGE: This command allows for the insertion, updating, and deletion of data in the
same SQL statement.
1.2 Data Control Language (DCL)
DCL is another subset of SQL commands that deals with controls, rights, and permissions in
the database system. It is used to grant or revoke access privileges to database objects such as
tables, views, and procedures. Here are some commonly used DCL commands:
• GRANT: This command is used to give access privileges or permissions to database
objects.
• REVOKE: It is used to withdraw or revoke access privileges or permissions that were
previously granted using the GRANT command.

2 Practicing Advanced DML Statements in SQL

DML (Data Manipulation Language) statements in SQL are used for data retrieval and
manipulation. They allow you to perform operations such as adding new rows, updating
existing rows, deleting rows, and merging tables. In this comprehensive guide, we will explore
advanced DML statements in SQL and provide examples using SQL syntax.
2.1 INSERT Statement
The INSERT statement is used to add new rows to a table. It allows you to specify the values
for each column in the table.
Syntax:
INSERT INTO table_name (column1, column2, ...)
VALUES (value1, value2, ...)
Example: Let's consider a table called "employees" with columns "emp_id", "emp_name", and
"emp_salary". We want to insert a new employee with the following values:
INSERT INTO employees (emp_id, emp_name, emp_salary)
VALUES (1, 'John Doe', 5000)
2.2 UPDATE Statement
The UPDATE statement is used to modify existing rows in a table. It allows you to update one
or more columns based on a specified condition.
Syntax:
UPDATE table_name
SET column1 = value1, column2 = value2, ...
WHERE condition
Example: Let's update the salary of an employee with emp_id = 1 to 6000:
UPDATE employees
SET emp_salary = 6000
WHERE emp_id = 1
2.3 DELETE Statement
The DELETE statement is used to remove existing rows from a table based on a specified
condition.
Syntax:
DELETE FROM table_name
WHERE condition
Example: Let's delete an employee with emp_id = 1 from the "employees" table:
DELETE FROM employees
WHERE emp_id = 1
2.4 MERGE Statement
The MERGE statement is used to synchronize data between two tables based on specified
conditions. It allows you to update, insert, or delete rows in the target table based on the data
in the source table.
Syntax:
MERGE INTO target_table
USING source_table
ON condition
WHEN MATCHED THEN
UPDATE SET column1 = value1, column2 = value2, ...
WHEN NOT MATCHED THEN
INSERT (column1, column2, ...)
VALUES (value1, value2, ...)
Example: Let's merge data from the "source_table" into the "target_table" based on a matching
condition:
MERGE INTO target_table
USING source_table
ON target_table.id = source_table.id
WHEN MATCHED THEN
UPDATE SET target_table.column1 = source_table.column1
WHEN NOT MATCHED THEN
INSERT (column1, column2, ...)
VALUES (value1, value2, ...)
3 Managing User Access and Privileges Using DCL Statements in
SQL
Data Control Language (DCL) statements in SQL are used to manage user access and privileges
in a relational database. DCL statements allow database administrators to configure security
access and control the permissions granted to users. This ensures that only authorized users can
perform specific actions on the database objects. The three main DCL statements are GRANT,
REVOKE, and DENY.
3.1 Granting Permissions with the GRANT Command
The GRANT command is used to add new permissions to a database user. It allows
administrators to grant specific privileges on database objects to users. The syntax for the
GRANT command is as follows:
GRANT [privilege]
ON [object]
TO [user]
[WITH GRANT OPTION]
• Privilege: Specifies the specific privilege or set of privileges to be granted. Examples
include SELECT, INSERT, UPDATE, DELETE, and EXECUTE [1].
• Object: Refers to the specific database object on which the privilege is being granted.
It can be a table, view, stored procedure, or database [1].
• User: Specifies the user to whom the privilege is being granted. It can also be a role for
role-based security [1].
• WITH GRANT OPTION: An optional clause that allows the user to further grant the
same permissions to other users [1].
Example:
GRANT SELECT, INSERT
ON employees
TO user1;

This example grants the user "user1" the SELECT and INSERT privileges on the "employees"
table [1].

3.2 Revoking Permissions with the REVOKE Command

The REVOKE command is used to remove previously granted permissions from a user. It
allows administrators to revoke specific privileges on database objects. The syntax for the
REVOKE command is as follows:
REVOKE [GRANT OPTION FOR] [permission]
ON [object]
FROM [user]
[CASCADE]
• Permission: Specifies the specific permission to be revoked. It can be a single privilege
or a set of privileges [1].
• Object: Refers to the specific database object from which the permission is being
revoked [1].
 • User: Specifies the user from whom the permission is being revoked [1].
• GRANT OPTION FOR: An optional clause that removes the user's ability to grant the
specified permission to other users [1].
• CASCADE: An optional clause that revokes the specified permission from any users
that the specified user granted the permission [1].
Example:
REVOKE SELECT, INSERT
ON employees
FROM user1;

This example revokes the SELECT and INSERT privileges on the "employees" table from the
user "user1" [1].

3.3 Explicitly Denying Permissions with the DENY Command

The DENY command is used to explicitly prevent a user from receiving a particular permission.
It allows administrators to create exceptions for users who are members of roles or groups that
have been granted a permission. The syntax for the DENY command is as follows:
DENY [permission]
ON [object]
TO [user]

• Permission: Specifies the specific permission to be denied [2].

• Object: Refers to the specific database object on which the permission is being
denied [2].
• User: Specifies the user to whom the permission is being denied [2].

Example:
DENY DELETE
ON employees
TO user1;

This example denies the user "user1" the DELETE permission on the "employees" table [2].