DCL

Data Control Language

 DCL(Data Control Language) : DCL includes commands such
as GRANT and REVOKE which mainly deals with the rights,
permissions and other controls of the database
system.Examples of DCL commands:
 GRANT-gives user’s access privileges to database.
 REVOKE-withdraw user’s access privileges given by using the
GRANT command.
 TCL(transaction Control Language) : TCL commands deals
with the transaction within the database.Examples of TCL
commands:
 COMMIT– commits a Transaction.
 ROLLBACK– rollbacks a transaction in case of any error occurs.
 SAVEPOINT–sets a savepoint within a transaction.
 SET TRANSACTION–specify characteristics for the transaction.
 Allow a User to create session
 When we create a user in SQL, it is not even allowed to login and create a session
until and unless proper permissions/priviliges are granted to the user.
 Following command can be used to grant the session creating priviliges.
 GRANT CREATE SESSION TO username;Allow a User to create table
 To allow a user to create tables in the database, we can use the below command,
 GRANT CREATE TABLE TO username;Provide user with space on tablespace to
store table
 Allowing a user to create table is not enough to start storing data in that table. We
also must provide the user with priviliges to use the available tablespace for their
table and data.
 ALTER USER username QUOTA UNLIMITED ON SYSTEM;The above command
will alter the user details and will provide it access to unlimited tablespace on
system.
 NOTE: Generally unlimited quota is provided to Admin users.
 Grant all privilege to a User
sysdba is a set of priviliges which has all the permissions in it. So if we want to provide all the privileges to any user, we can simply grant
them the sysdba permission.
GRANT sysdba TO usernameGrant permission to create any table
Sometimes user is restricted from creating come tables with names which are reserved for system tables. But we can grant privileges to a
user to create any table using the below command,
GRANT CREATE ANY TABLE TO usernameGrant permission to drop any table
As the title suggests, if you want to allow user to drop any table from the database, then grant this privilege to the user,
GRANT DROP ANY TABLE TO usernameTo take back Permissions
And, if you want to take back the privileges from any user, use the REVOKE command.
REVOKE CREATE TABLE FROM username
 SQL GRANT Command
 SQL GRANT is a command used to provide access or privileges on the database objects to the users.
 The Syntax for the GRANT command is:
 GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];

 privilege_name is the access right or privilege granted to the user. Some of the access rights are ALL, EXECUTE, and SELECT.
 object_name is the name of an database object like TABLE, VIEW, STORED PROC and SEQUENCE.
 user_name is the name of the user to whom an access right is being granted.
 user_name is the name of the user to whom an access right is being granted.
 PUBLIC is used to grant access rights to all users.
 ROLES are a set of privileges grouped together.
 WITH GRANT OPTION - allows a user to grant access rights to other users.
 For Example: GRANT SELECT ON employee TO user1; This command grants a SELECT permission on employee table to user1.You should use the WITH GRANT option carefully because for example if you GRANT SELECT privilege on
employee table to user1 using the WITH GRANT option, then user1 can GRANT SELECT privilege on employee table to another user, such as user2 etc. Later, if you REVOKE the SELECT privilege on employee from user1, still user2 will
have SELECT privilege on employee table.
 SQL REVOKE Command:
 The REVOKE command removes user access rights or privileges to the database objects.
 The Syntax for the REVOKE command is:
 REVOKE privilege_name
ON object_name
FROM {user_name |PUBLIC |role_name}

 For Example: REVOKE SELECT ON employee FROM user1;This command will REVOKE a SELECT privilege on employee table from user1.When you REVOKE SELECT privilege on a table from a user, the user will not be able to SELECT
data from that table anymore. However, if the user has received SELECT privileges on that table from more than one users, he/she can SELECT from that table until everyone who granted the permission revokes it. You cannot REVOKE
privileges if they were not initially granted by you.
 Privileges and Roles:
 Privileges: Privileges defines the access rights provided to a user on a database object. There are two types of privileges.
 1) System privileges - This allows the user to CREATE, ALTER, or DROP database objects.
2) Object privileges - This allows the user to EXECUTE, SELECT, INSERT, UPDATE, or DELETE data from database objects to which the privileges apply.

 Few CREATE system privileges are listed below:

 System PrivilegesDescriptionCREATE objectallows users to create the specified object in their own schema.CREATE ANY objectallows users to create the specified object in any schema.
 The above rules also apply for ALTER and DROP system privileges.
 Few of the object privileges are listed below:
 Object PrivilegesDescriptionINSERTallows users to insert rows into a table.SELECTallows users to select data from a database object.UPDATEallows user to update data in a table.EXECUTEallows user to execute a stored procedure or a
function.
 Roles: Roles are a collection of privileges or access rights. When there are many users in a database it becomes difficult to grant or revoke privileges to users. Therefore, if you define roles, you can grant or revoke privileges to users, thereby
automatically granting or revoking privileges. You can either create Roles or use the system roles pre-defined by oracle.
 Some of the privileges granted to the system roles are as given below:
 System RolePrivileges Granted to the RoleCONNECTCREATE TABLE, CREATE VIEW, CREATE SYNONYM, CREATE SEQUENCE, CREATE SESSION etc.RESOURCECREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE,
CREATE TRIGGER etc. The primary usage of the RESOURCE role is to restrict access to database objects.DBAALL SYSTEM PRIVILEGES
 Creating Roles:
 The Syntax to create a role is:
 CREATE ROLE role_name
[IDENTIFIED BY password];

 For Example: To create a role called "developer" with password as "pwd",the code will be as follows
 CREATE ROLE testing
[IDENTIFIED BY pwd];

 It's easier to GRANT or REVOKE privileges to the users through a role rather than assigning a privilege directly to every user. If a role
is identified by a password, then, when you GRANT or REVOKE privileges to the role, you definitely have to identify it with the
password.
 We can GRANT or REVOKE privilege to a role as below.
 For example: To grant CREATE TABLE privilege to a user by creating a testing role:
 First, create a testing Role
 CREATE ROLE testing
 Second, grant a CREATE TABLE privilege to the ROLE testing. You can add more privileges to the ROLE.
 GRANT CREATE TABLE TO testing;
 Third, grant the role to a user.
 GRANT testing TO user1;
 To revoke a CREATE TABLE privilege from testing ROLE, you can write:
 REVOKE CREATE TABLE FROM testing;
 The Syntax to drop a role from the database is as below:
 DROP ROLE role_name;
 For example: To drop a role called developer, you can write:
 DROP ROLE testing;