deny

deny(userId|groupId,accessType,[objs])

userId or groupId is a string indicating a user name or a group name.

accessType is the type of privilege.

objs (optional) is a STRING scalar/vector indicating the objects that the priviledges specified by accessType applies to. "*" means all objects.

See the table of privileges listed in User Access Control for the values that accessType and objs can take.

Deny specified access privileges to a user or a group.

Administrators can grant users all privileges (accessType) through this command, but regular users, after having the relevant OWNER privileges, can only grant the following privileges through this command: TABLE_READ, TABLE_WRITE, TABLE_INSERT, TABLE_UPDATE, TABLE_DELETE, DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, DB_DELETE, DBOBJ_DELETE, DBOBJ_CREATE and VIEW_EXEC.

Note that when accessType is DB_OWNER, deny only takes effect globally.

None of the members of the group "production" can read any table in the database dfs://db1:

deny(`production, TABLE_READ, "dfs://db1")

None of the members of the group "research" can write to the table dfs://db1/t1:

deny(`research, TABLE_WRITE, "dfs://db1/t1")

None of the members of the group "research" can create tables in the databases dfs://db1 or dfs://db2:

deny("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])

The user "AlexSmith" cannot create or delete databases:

deny("AlexSmith", DB_MANAGE)

The user "AlexSmith" cannot execute script:

deny("AlexSmith", SCRIPT_EXEC)

The user "AlexSmith" cannot test script:

deny("AlexSmith", TEST_EXEC)