What is DCL?

Posted on by Ian

When using relational database management systems (RDBMSs) we often hear terms like DDL, DML, DQL, TCL, and DCL. But what exactly are they?

In this article we’ll look at what DCL stands for in the context of SQL, and what it does.

What Does DCL Stand For?

In the context of SQL, DCL stands for Data Control Language.

DCL is a subset of SQL. It’s just one of the various initialisms we can find in SQL. Others include DDL (Data Definition Language), DML (Data Manipulation Language), TCL (Transaction Control Language), and DQL (Data Query Language).

What Does DCL Do?

Data Control Language is a subset of SQL that’s used to control access to data in a relational database.

DCL statements are typically used to define who is authorised to perform specific operations on the database objects, such as tables, views, stored procedures, and functions. The three main DCL statements in SQL are:

  • GRANT – allows a user or a group of users to access a particular database object or to perform a specific action on it. For example, you can grant SELECT permission on a table to a user or group of users, which allows them to read the data in the table.
  • REVOKE – revokes or removes the previously granted permissions from a user or a group of users. For example, you can revoke the SELECT permission on a table from a user or group of users, which would prevent them from accessing the data in the table.
  • DENY – denies or blocks a user or a group of users from accessing a particular database object or performing a specific action on it. For example, you can deny SELECT permission on a table to a user or group of users, which would prevent them from reading the data in the table.

In addition to these DCL statements, there are other statements that can be used to manage user and group permissions, such as CREATE USER, CREATE ROLE, ALTER USER, and ALTER ROLE. Typically, when we create a user or a role, it is created without any permissions. We then use DCL statements such as GRANT to grant that user/role access to the objects we want it to have access to.

By using DCL, database administrators can ensure that only authorised users or groups can access and modify the database objects, which helps to maintain the integrity and security of the data.

DCL Example

Here’s an example of a DCL statement:

CREATE USER 'homer'@'localhost' IDENTIFIED BY 'reallystrongpassword';
GRANT ALL ON employees.* TO 'homer'@'localhost';
GRANT SELECT ON krankykranes.products TO 'homer'@'localhost';

That created a user, then granted that user full access to all tables in the employees database, and SELECT access to the products table of the krankykranes database.

The user was created with the CREATE USER statement, and the permissions were granted with the GRANT statements.