Questões Comentadas - BD

(Cespe)Para atribuir permissões de acesso a objetos do SGDB Windows SQL 2000,
utilizamos os comandos GRANT, REVOKE e DENY.
O comando "Revoke select on TbUsuario from Carlos" retira o direito de acesso select à tabela TbUsuario ao usuário Carlos
permitindo que ele tenha acesso através de condição de membro de grupo que possua o direito.




Managing Database Permissions
You can assign database permissions by the database owner, members of sysadmin, and members of securityadmin. The available permissions include

• Grant: Gives permission to perform the related task. With roles, all members of the role inherit the permission.
• Revoke: Removes prior grant permission but doesn't explicitly prevent a user or role from performing a task. A user or role could still inherit grant permission from another role.
• Deny: Explicitly denies permission to perform a task and prevents the user or role from inheriting the permission. Deny takes precedence over all other grant permissions.

Note: Deny is a Transact-SQL command and isn't part of the ANSI SQL-92 standard.

Sample 5-13 REVOKE Syntax and Usage

Syntax

REVOKE {ALL | statement[,...n]}
FROM security_account[,...n]
REVOKE [GRANT OPTION FOR]
{ALL [PRIVILEGES] | permission[,...n]}
{
[(column[,...n])] ON {table | view}
| ON {table | view}[(column[,...n])]
| {stored_procedure | extended_procedure}
}
{TO | FROM}
security_account[,...n]
[CASCADE]
[AS {group | role}]

Usage

REVOKE CREATE TABLE, CREATE DEFAULT
FROM Devs, Testers
REVOKE INSERT, UPDATE, DELETE
FROM Users, [GALAXY\Sales]


Revoke select on TbUsuario from Carlos

http://www.microsoft.com/technet/prodtechnol/sql/2000/books/c05ppcsq.mspx