DENY#

Synopsis#

DENY ( privilege [, ...] | ( ALL PRIVILEGES ) )
ON ( table_name |
     TABLE table_name |
     SCHEMA schema_name |
     MY ACCOUNT |
     CLUSTER cluster_name |
     CATALOG catalog_name |
     COLUMN column_name |
     LOCATION table_location |
     FUNCTION function_name |
     DATA_PRODUCT data_product_name
)
TO ROLE role

Description#

Denies the specified privileges to the specified grantee.

Specifying ALL PRIVILEGES denies all entity kind privileges on the entity to the supplied role. If the entity is a table, SELECT, UPDATE, DELETE and INSERT privileges are denied.

The schema_name may be a “qualified name”, where the catalog is specified explicitly, e.g., my_catalog.my_schema. If the catalog is not supplied the current session catalog is used.

The table_name, function_name or column_name may be “qualified names” in which the schema and sometimes the catalog are explicit. For example, the table my_catalog.my_schema.my_table, in which all components are explicit, and my_schema.my_table, in which the schema is explicit and the catalog defaults to the session catalog.

Deny on a table rejects the specified privilege on all current and future columns of the table.

Deny on a schema rejects the specified privilege on all current and future columns of all current and future tables of the schema.

To deny an account privilege, the entity kind and account must be MY ACCOUNT.

Examples#

Deny INSERT and SELECT privileges on the table orders to role orders_admin:

DENY INSERT, SELECT ON orders TO ROLE orders_admin;

Deny DELETE privilege on the schema finance to role finance_admin:

DENY DELETE ON SCHEMA finance TO ROLE finance_admin;

Deny SELECT privilege on the table orders to everyone:

DENY SELECT ON orders TO ROLE PUBLIC;

DENY cluster privilege USE_CLUSTER on cluster demo_cluster to role data_user:

DENY USE_CLUSTER ON CLUSTER demo_cluster TO ROLE data_user;

Deny account privilege CREATE_ROLE to role roles_admin:

DENY CREATE_ROLE ON MY ACCOUNT to role `roles_admin`;

See also#

SQL entity kinds and privileges, GRANT privilege, REVOKE privilege, SHOW GRANTS