deny
Syntax
deny(userId|groupId, accessType, [objs])
Arguments
userId | groupId a string indicating a user name or a group name.
accessType is the type of privilege.
objs a string scalar/vector indicating the objects that the priviledges specified by accessType applies to.
See the privilege table in User Access Control for the values that accessType and objs can take.
Details
Deny specified access privileges to a user or a group. This command can only be executed by an administrator on the controller/data node.
Note that when accessType is DB_OWNER, deny
only takes effect globally.
Examples
None of the members of the group “production” can read any table in the database dfs://db1:
$ deny(`production, TABLE_READ, "dfs://db1")
None of the members of the group “research” can write to the table dfs://db1/t1:
$ deny(`research, TABLE_WRITE, "dfs://db1/t1")
None of the members of the group “research” can create tables in the databases dfs://db1 or dfs://db2:
$ deny("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])
The user “AlexSmith” cannot create or delete databases:
$ deny("AlexSmith", DB_MANAGE)
The user “AlexSmith” cannot execute script:
$ deny("AlexSmith", SCRIPT_EXEC)
The user “AlexSmith” cannot test script:
$ deny("AlexSmith", TEST_EXEC)