| title | titleSuffix | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | ms.custom | helpviewer_keywords | dev_langs | monikerRange | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DENY Search Property List Permissions |
SQL Server (Transact-SQL) |
Deny permissions on a search property list. |
VanMSFT |
vanto |
06/10/2016 |
sql |
t-sql |
reference |
|
|
|
>=aps-pdw-2016 || =azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current || =fabric |
[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics PDW FabricSQLDB]
Denies permissions on a search property list.
:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions
DENY permission [ ,...n ] ON
SEARCH PROPERTY LIST :: search_property_list_name
TO database_principal [ ,...n ] [ CASCADE ]
[ AS denying_principal ]
permission
Is the name of a permission. The valid mappings of permissions to securables are described in the "Remarks" section, later in this topic.
ON SEARCH PROPERTY LIST ::search_property_list_name
Specifies the search property list on which the permission is being denied. The scope qualifier :: is required.
database_principal
Specifies the principal to which the permission is being denied. The principal can be one of the following:
- database user
- database role
- application role
- database user mapped to a Windows login
- database user mapped to a Windows group
- database user mapped to a certificate
- database user mapped to an asymmetric key
- database user not mapped to a server principal.
CASCADE
Indicates that the permission being denied is also denied to other principals to which it has been granted by this principal.
denying_principal
Specifies a principal from which the principal executing this query derives its right to deny the permission. The principal can be one of the following:
- database user
- database role
- application role
- database user mapped to a Windows login
- database user mapped to a Windows group
- database user mapped to a certificate
- database user mapped to an asymmetric key
- database user not mapped to a server principal.
A search property list is a database-level securable contained by the database that is its parent in the permissions hierarchy. The most specific and limited permissions that can be denied on a search property list are listed in the following table, together with the more general permissions that include them by implication.
| Search property list permission | Implied by search property list permission | Implied by database permission |
|---|---|---|
| ALTER | CONTROL | ALTER ANY FULLTEXT CATALOG |
| CONTROL | CONTROL | CONTROL |
| REFERENCES | CONTROL | REFERENCES |
| TAKE OWNERSHIP | CONTROL | CONTROL |
| VIEW DEFINITION | CONTROL | VIEW DEFINITION |
Requires CONTROL permission on the full-text catalog. If using the AS option, the specified principal must own the full-text catalog.
CREATE APPLICATION ROLE (Transact-SQL)
CREATE ASYMMETRIC KEY (Transact-SQL)
CREATE CERTIFICATE (Transact-SQL)
CREATE SEARCH PROPERTY LIST (Transact-SQL)
DENY (Transact-SQL)
Encryption Hierarchy
sys.fn_my_permissions (Transact-SQL)
GRANT Search Property List Permissions (Transact-SQL)
HAS_PERMS_BY_NAME (Transact-SQL)
Principals (Database Engine)
REVOKE Search Property List Permissions (Transact-SQL)
sys.fn_builtin_permissions (Transact-SQL)
sys.registered_search_property_lists (Transact-SQL)
Search Document Properties with Search Property Lists