Add support for `DENY` statements #1836

aharpervc · 2025-05-01T22:03:09Z

This is another statement for SQL Server: https://learn.microsoft.com/en-us/sql/t-sql/statements/deny-transact-sql, but implemented in a common way. Similar to GRANT & REVOKE, so using a lot of those patterns with a similar test.

Supplementary improvements:

While I was working on that, I also noticed that EXEC was missing from the privileges list, so that's added now too (with a test example).
Additionally, SQL Server supports identifiers quoted [like this]. That dialect function hadn't been implemented yet, which caused a test failure on example that use that quoting style. So I've added that now too with a couple example cases for grant/deny.
Finally, "public" is a built in role on SQL Server, so doing something like grant select on mytable to public should parse public normally. However, the former logic was reading it as a keyword. This has been adjusted to be not special on SQL Server and tests cases have been added as well.

- this is required to have common tests with identifiers with that quote style

aharpervc force-pushed the mssql-deny branch from 38f6f84 to 79cf152 Compare May 1, 2025 22:03

aharpervc marked this pull request as draft May 1, 2025 22:11

aharpervc force-pushed the mssql-deny branch from 79cf152 to b323f52 Compare May 1, 2025 22:28

aharpervc marked this pull request as ready for review May 1, 2025 22:30

aharpervc added 4 commits May 2, 2025 10:49

Add support for DENY statements

87b9e03

Define identifier quote style for SQL Server

0eaee16

- this is required to have common tests with identifiers with that quote style

Add support for EXEC privilege type

279732e

Allow GRANT/DENY for public roles for SQL Server

681cfe1

aharpervc force-pushed the mssql-deny branch from 2f6294b to 681cfe1 Compare May 2, 2025 14:49

Provide feedback