deny
Syntax
deny(userId|groupId,accessType,[objs])
Arguments
userId or groupId is a string indicating a user name or a group name.
accessType is the type of privilege.
objs (optional) is a STRING scalar/vector indicating the objects that the priviledges specified by accessType applies to.
See the table of privileges listed in User Access Control for the values that accessType and objs can take.
Details
Deny specified access privileges to a user or a group.
Administrators can grant users all privileges (accessType) through this command, but regular users, after having the relevant OWNER privileges, can only grant the following privileges through this command: TABLE_READ, TABLE_WRITE, TABLE_INSERT, TABLE_UPDATE, TABLE_DELETE, DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, DB_DELETE, DBOBJ_DELETE, DBOBJ_CREATE and VIEW_EXEC.
Note that when accessType is DB_OWNER, deny
only takes effect
globally.
Examples
None of the members of the group "production" can read any table in the database dfs://db1:
deny(`production, TABLE_READ, "dfs://db1")
None of the members of the group "research" can write to the table dfs://db1/t1:
deny(`research, TABLE_WRITE, "dfs://db1/t1")
None of the members of the group "research" can create tables in the databases dfs://db1 or dfs://db2:
deny("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])
The user "AlexSmith" cannot create or delete databases:
deny("AlexSmith", DB_MANAGE)
The user "AlexSmith" cannot execute script:
deny("AlexSmith", SCRIPT_EXEC)
The user "AlexSmith" cannot test script:
deny("AlexSmith", TEST_EXEC)