Summary  
This chapter covers controlling access to data through DCL commands, specifically using GRANT and REVOKE to assign or remove privileges on objects.

General domain of usage  
Relational database access control

**Data Control Language (DCL)** is a subset of SQL used to **control access** to data stored in a relational database management system.   
DCL commands are primarily concerned with granting or revoking privileges on database objects such as tables, views, and schemas.

## DCL commands
The two main DCL commands are:

1. `GRANT`: this command is used to give specific privileges to users or roles;

2. `REVOKE`: this command is used to remove specific privileges from users or roles that have been previously granted.


## Privileges

## Implementation
To grant some privileges for an object in SQL for a particular user we can use the following statement: 
```sql
GRANT privileges
ON object
TO {user | role | PUBLIC};
```
There are 3 types of roles in DB to which you can grant some privileges:
- **user**: an individual database user;
- **role**: a database role, a named group of privileges that can be assigned to users (e.g. admin, developer, analyst);
- **PUBLIC**: a special keyword that grants the specified privileges to all users.

We can grant a role to a user using the following statement:
```sql
GRANT role TO user;
```
Finally, we can revoke previously granted privileges using the following statement:
```sql
REVOKE privileges
ON object
FROM {user | role | PUBLIC};
```





## Example
Here are some examples of how to use the `GRANT` command to assign different privileges on the bankaccounts and userlogs tables to different roles and users.
```sql
-- Create role
CREATE ROLE bank_manager;

-- Grant privileges to bank_manager role
GRANT SELECT, INSERT, UPDATE, DELETE ON BankAccounts TO bank_manager;
GRANT SELECT, INSERT ON UserLogs TO bank_manager;

-- Create users
CREATE USER john WITH PASSWORD 'password123';
CREATE USER jane WITH PASSWORD 'password456';

-- Assign roles to users
GRANT bank_manager TO john;
GRANT bank_manager TO jane;
```
Now we can revoke some of the granted privileges:
```sql
-- Revoke privileges from bank_manager role
REVOKE UPDATE, DELETE ON BankAccounts FROM bank_manager;
REVOKE INSERT ON UserLogs FROM bank_manager;

-- Revoke bank_manager role from john
REVOKE bank_manager FROM john;
```

What privilege allows a user to read data from a table?

Explore advanced SQL concepts essential for backend development. Learn about ACID transaction properties, query optimization, indexing strategies, window functions, and triggers, and understand how these features help build efficient and reliable database systems used in large-scale backend applications.

Data Control Language

DCL commands

Privileges

Objects

Implementation

Example