DENY Schema Permissions (Transact-SQL)
Denies permissions on a schema.
Syntax
DENY permission [ ,...n ] } ON SCHEMA ::schema_name
TO database_principal [ ,...n ]
[ CASCADE ]
[ AS denying_principal ]
Arguments
permission
Specifies a permission that can be denied on a schema. For a list of these permissions, see the Remarks section later in this topic.ON SCHEMA :: schema_name
Specifies the schema on which the permission is being denied. The scope qualifier :: is required.database_principal
Specifies the principal to which the permission is being denied. database_principal can be one of the following:Database user
Database role
Application role
Database user mapped to a Windows login
Database user mapped to a Windows group
Database user mapped to a certificate
Database user mapped to an asymmetric key
Database user not mapped to a server principal
CASCADE
Indicates that the permission being denied is also denied to other principals to which it has been granted by this principal.denying_principal
Specifies a principal from which the principal executing this query derives its right to deny the permission. denying_principal can be one of the following:Database user
Database role
Application role
Database user mapped to a Windows login
Database user mapped to a Windows group
Database user mapped to a certificate
Database user mapped to an asymmetric key
Database user not mapped to a server principal
Remarks
A schema is a database-level securable that is contained by the database that is its parent in the permissions hierarchy. The most specific and limited permissions that can be denied on a schema are listed in the following table, together with the more general permissions that include them by implication.
Schema permission |
Implied by schema permission |
Implied by database permission |
---|---|---|
CONTROL |
CONTROL |
CONTROL |
TAKE OWNERSHIP |
CONTROL |
CONTROL |
ALTER |
CONTROL |
ALTER ANY SCHEMA |
EXECUTE |
CONTROL |
EXECUTE |
INSERT |
CONTROL |
INSERT |
DELETE |
CONTROL |
DELETE |
UPDATE |
CONTROL |
UPDATE |
SELECT |
CONTROL |
SELECT |
REFERENCES |
CONTROL |
REFERENCES |
VIEW CHANGE TRACKING |
CONTROL |
CONTROL |
VIEW DEFINITION |
CONTROL |
VIEW DEFINITION |
Permissions
Requires CONTROL permission on the schema. If you are using the AS option, the specified principal must own the schema.
See Also
Reference
Concepts
Change History
Updated content |
---|
Added the VIEW CHANGE TRACKING permission. |