deny

Syntax

deny(userId|groupId, accessType, [objs])

Arguments

userId | groupId a string indicating a user name or a group name.

accessType is the type of privilege.

objs a string scalar/vector indicating the objects that the priviledges specified by accessType applies to.

See the privilege table in User Access Control for the values that accessType and objs can take.

Details

Deny specified access privileges to a user or a group. This command can only be executed by an administrator on the controller/data node.

Note that when accessType is DB_OWNER, deny only takes effect globally.

Examples

None of the members of the group “production” can read any table in the database dfs://db1:

$ deny(`production, TABLE_READ, "dfs://db1")

None of the members of the group “research” can write to the table dfs://db1/t1:

$ deny(`research, TABLE_WRITE, "dfs://db1/t1")

None of the members of the group “research” can create tables in the databases dfs://db1 or dfs://db2:

$ deny("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])

The user “AlexSmith” cannot create or delete databases:

$ deny("AlexSmith", DB_MANAGE)

The user “AlexSmith” cannot execute script:

$ deny("AlexSmith", SCRIPT_EXEC)

The user “AlexSmith” cannot test script:

$ deny("AlexSmith", TEST_EXEC)