Revoke vs deny: what is the difference


What is the difference between the DENY and REVOKE commands in SQL Server?

4

There are 4 best solutions below

3
On BEST ANSWER

Revoke is the opposite of a Grant (at least inasmuch as Grant adds an access rule and Revoke removes an access rule). While somewhat counter-intuitive, Deny also adds an access rule (which of course can be removed with a Revoke).

If I grant the sales group access I can later revoke it.

However, I could also deny you access, and even though you're in the sales group you'll not have access.

0
On
  1. Granting Permission means that a user can access the object

  2. Denying permission overrides a granted permission

  3. Revoking a permission removes the permission that has been assigned, regardless of whether it was a denied permission or a granted permission

2
On

REVOKE removes access that has been GRANTed. DENY explicitly rejects, taking precedence over GRANTs.

To the last point, if someone is part of the db_denydatawriter role, but you GRANT INSERT to them, the DENY will override that GRANT and they will be unable to INSERT.

6
On

Each object has a list of rules DENYing and GRANTing access.

REVOKE is an operation that removes a rule from the list of access rules.
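
The sequence the answers above describe, as an added T-SQL example that is not part of any answer on this page. The table, role and user names are constructed for illustration; it assumes a scratch database on SQL Server 2012 or later and a login allowed to create users and roles.

```sql
-- Constructed demo objects (all names are assumptions, not from the page).
CREATE TABLE dbo.Orders (Id int PRIMARY KEY, Amount money);
CREATE ROLE SalesGroup;
CREATE USER Alice WITHOUT LOGIN;
ALTER ROLE SalesGroup ADD MEMBER Alice;
GO

-- 1. GRANT adds an access rule for the role; Alice inherits it as a member.
GRANT SELECT ON dbo.Orders TO SalesGroup;
EXECUTE AS USER = 'Alice';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS after_grant_to_role;
REVERT;

-- 2. DENY adds a second rule, this time on Alice herself.
--    The role's GRANT is still in place, but the DENY takes precedence.
DENY SELECT ON dbo.Orders TO Alice;
EXECUTE AS USER = 'Alice';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS after_deny_to_user;
REVERT;

-- Both rules are stored side by side: one GRANT row and one DENY row.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                       -- object or column permissions
  AND pe.major_id = OBJECT_ID('dbo.Orders');

-- 3. REVOKE removes a rule. Here it removes Alice's DENY, so the role's
--    GRANT applies to her again.
REVOKE SELECT ON dbo.Orders FROM Alice;
EXECUTE AS USER = 'Alice';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS after_revoke_of_deny;
REVERT;

-- 4. REVOKE works the same way on a GRANT: removing the role's rule leaves
--    Alice with no rule at all, which also means no access.
REVOKE SELECT ON dbo.Orders FROM SalesGroup;
EXECUTE AS USER = 'Alice';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS after_revoke_of_grant;
REVERT;

-- Cleanup of the constructed objects.
ALTER ROLE SalesGroup DROP MEMBER Alice;
DROP USER Alice;
DROP ROLE SalesGroup;
DROP TABLE dbo.Orders;
```

When auditing effective access, check `sys.database_permissions` for `DENY` rows as well as `GRANT` rows, since a revoke of the wrong rule can silently restore access that a deny was blocking.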