Introduction to Data Control Language
In RDBMS (Relational Database Management System) SQL (Structured Query Language) is used to carry out various operations in a database. The commands in SQL are classified usually into DDL (Data Definition Language), DQL (Data Query Language), DML (Data Manipulation Language) and DCL (Data Control Language). Data Control Language is used to control the access of the data which is stored in the Database. The DCL becomes very useful in the case where the database is exposed to multiple users who might update or make changes to the Database which in turn might create many issues.
Why do we Need Data Control Language?
These are some data control language needs we need to be aware of:
- It is used to control the privileges given to the users in a Database.
- It prevents the other users from making changes or updates to the database by providing access or removing them to the users.
- It is to be noted that not all the users of a database have all the privileges to carry out all the operations concerning a database, for example, not all the users can have permission to execute all the DDL or DML commands.
- It is the responsibility of the database owner or the administrator to provide privileges to the different users according to their roles or the business need.
- So the DCL provides the necessary means to maintain the database effectively so that no other users can make any changes that do not concern their role or might impact the security of the database.
How Data Control Language Works?
Let’s know how the statements in DCL works.
- Privileges are the permissions provided to the various users for accessing the different database objects.
- There are two types of privileges and they are Object and System privileges.
- The System privileges provide permission or access to create tables, sessions, etc. The Object privilege provides access or permission for a query to execute any operation on the tables in a Database.
- The system privileges allow users to perform ALTER, DROP or CREATE database objects whereas the object privileges allow the users to SELECT, INSERT, DELETE, UPDATE, or EXECUTE the data on the database objects on which the privileges are applied.
- For example, the Create object allows creating objects in its own schema, whereas the Create any object allows creating of objects in any schema.
- It becomes difficult to grant or revoke the privileges if there are many users in a particular database environment. In order to overcome such difficulties, we need to define roles so that the grant or revoke privileges can be executed automatically.
- The collection or bundles of privileges can be called Roles. When a Role is granted to the user, all the privileges that come along with it are automatically granted to the user.
- The same case is with the revoke command where the privileges which are under the Roles get revoked automatically for the user. The creation of roles reduces the time consumption as it would consume more time if each of the privileges would be granted or revoked separately.
Data Control Language Commands with Example
The DCL has two commands and they are Grant and Revoke.
This command provides the users the access or privileges to the database objects.
GRANT privilege_name ON object_name TO user_name|PUBLIC|role_name [WITH GRANT OPTION];
In the above syntax,
- privilege_name denotes the privileges those are granted to the user such as EXECUTE or ALL etc.
- object_name refers to the name of the database objects such as views, tables, etc.
- user_name denotes the name of the users to whom the privileges will be granted, the PUBLIC is used to grant privileges to all the users.
- WITH GRANT OPTION provides the rights to one user to grant the privileges to the other users.
Let us take the example of the ‘STUDENTS’ table to provide select privileges to the user – user123 as below.
GRANT SELECT ON STUDENTS TO user123;
In the above command, if we use WITH GRANT OPTION, the user123 gets the privilege to grant the select privilege to other users. So we need to be careful before providing such privilege to user123 here.
This command takes back or cancels the privileges or permissions previously allowed or denied to the users.
REVOKE privilege_name ON object_name FROM user_name|PUBLIC|role_name;
The select permission for the user-user123 can be revoked from the table ‘STUDENTS’ by using the below command.
REVOKE SELECT ON STUDENTS FROM user123;
When the SELECT privilege is revoked from the user as above, the user cannot select data from the table. But if the user has received the select privileges from more than one user for a particular table, the user can use the select privilege until all the users who granted the privilege revoke it from the user. Also if one privilege is not granted by one user, it cannot be revoked by that user.
Advantages of Data Control Language
Here are some of the advantages of data control language which are explained below:
- The most important role that the Data Control Language plays is that it provides the security of the database by controlling the access level of the data in the database.
- The DCL commands do the above by granting or removing many privileges or the permissions provided to the various users for the database.
- The authority to grant or revoke privileges is maintained by the Database Administrator or the owner of the database which effectively prevents any issues those might generate from exposing the database to many users or to multiple database environments.
The owner of the database or the administrator of the database can provide or remove the privileges given to the database objects. DCL is used to ensure the security of a database in an environment where multiple databases or various users are present by controlling the privileges given to the users.
This is a guide to Data Control Language. Here we discuss how it works, need, advantages and command of data control language with appropriate example. You may also look at the following articles to learn more –