Denies permissions on a certificate.
Transact-SQL Syntax Conventions
DENY permission [ ,...n ] ON CERTIFICATE :: certificate_name TO principal [ ,...n ] [ CASCADE ] [ AS denying_principal ]
Specifies a permission that can be denied on a certificate. Listed below.
Specifies the certificate on which the permission is being denied. The scope qualifier "::" is required.
Specifies the principal to which the permission is being denied. One of the following:
database user
database role
application role
database user mapped to a Windows login
database user mapped to a Windows group
database user mapped to a certificate
database user mapped to an asymmetric key
database user not mapped to a server principal.
Indicates that the permission being denied is also denied to other principals to which it has been granted by this principal.
Specifies a principal from which the principal executing this query derives its right to deny the permission. One of the following:
A certificate is a database-level securable contained by the database that is its parent in the permissions hierarchy. The most specific and limited permissions that can be denied on a certificate are listed below, together with the more general permissions that include them by implication.
Certificate permission
Implied by certificate permission
Implied by database permission
CONTROL
TAKE OWNERSHIP
ALTER
ALTER ANY CERTIFICATE
REFERENCES
VIEW DEFINITION
Requires CONTROL permission on the certificate. If the AS clause is used, the specified principal must own the certificate.