DENY
Applies to: Databricks SQL Databricks Runtime
Important
This function is not supported by Unity Catalog.
Denies a privilege on a securable object to a principal. Denying a privilege takes precedent over any explicit or implicit grant.
Denying a privilege on a schema
(for example a SELECT
privilege) has the effect of implicitly denying that privilege on all
objects in that schema. Denying a specific privilege on the catalog implicitly
denies that privilege on all schemas in the catalog.
Note
This statement applies only to the hive_metastore
catalog and its objects.
Important
To undo a DENY
you REVOKE
the same privilege from the principal.
Syntax
DENY privilege_types ON securable_object TO principal
privilege_types
{ ALL PRIVLEGES |
privilege_type [, ...] }
Parameters
privilege_types
This identifies one or more privileges the
principal
is denied.ALL PRIVILEGES
Deny all privileges applicable to the
securable_object
.-
A specific privilege to deny the
principal
on thissecurable_object
-
The object on which the privileges are denied to the principal.
-
The user or group whose privileges are denied.
Example
-- Deny Alf the right to query `t`.
> DENY SELECT ON TABLE t TO `alf@melmak.et`;
-- Undo the the `DENY`.
> REVOKE SELECT ON TABLE t FROM `alf@melmak.et`;