DDL, DML, DCL, and TCL
TL;DR
Every SQL command belongs to one of 4 categories: DDL (define structure), DML (manipulate data), DCL (control access), TCL (manage transactions). Knowing which is which is a guaranteed interview question.
Explain Like I'm 12
Think of a database like a school.
- DDL is the architect — builds classrooms (tables), adds whiteboards (columns), or tears down walls (drops tables).
- DML is the teacher — writes on the whiteboard (INSERT), erases things (DELETE), changes what's written (UPDATE), and reads it aloud (SELECT).
- DCL is the principal — decides who gets keys to which room (GRANT/REVOKE).
- TCL is the safety system — saves your work (COMMIT) or undoes a mistake (ROLLBACK).
The 4 Categories at a Glance
| Category | Full Name | Purpose | Commands | Auto-commit? |
|---|---|---|---|---|
| DDL | Data Definition Language | Define/change database structure | CREATE, ALTER, DROP, TRUNCATE, RENAME | Yes |
| DML | Data Manipulation Language | Read and modify data | SELECT, INSERT, UPDATE, DELETE, MERGE | No |
| DCL | Data Control Language | Control access permissions | GRANT, REVOKE | Yes |
| TCL | Transaction Control Language | Manage transactions | COMMIT, ROLLBACK, SAVEPOINT | N/A |
DDL Data Definition Language
DDL commands define the structure of your database — tables, columns, constraints, indexes. They answer: "What shape does the container have?"
CREATE — Build Something New
-- Create a table
CREATE TABLE employees (
id INT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
email VARCHAR(255) UNIQUE,
dept_id INT REFERENCES departments(id),
salary DECIMAL(10, 2) DEFAULT 0,
hired_at DATE NOT NULL
);
-- Create an index
CREATE INDEX idx_emp_dept ON employees(dept_id);
-- Create a view
CREATE VIEW high_earners AS
SELECT name, salary FROM employees WHERE salary > 100000;ALTER — Change Existing Structure
-- Add a column
ALTER TABLE employees ADD COLUMN phone VARCHAR(20);
-- Change column type
ALTER TABLE employees ALTER COLUMN salary TYPE NUMERIC(12, 2);
-- Add a constraint
ALTER TABLE employees ADD CONSTRAINT chk_salary CHECK (salary >= 0);
-- Drop a column
ALTER TABLE employees DROP COLUMN phone;DROP — Destroy Permanently
-- Drop a table (all data gone!)
DROP TABLE employees;
-- Drop only if it exists (prevents errors)
DROP TABLE IF EXISTS temp_data;TRUNCATE — Delete All Rows, Keep Structure
-- Remove all rows but keep the table
TRUNCATE TABLE logs;
TRUNCATE vs DELETE: TRUNCATE is DDL (auto-commits, can't rollback, resets auto-increment). DELETE is DML (can rollback, fires triggers, slower on big tables).
DML Data Manipulation Language
DML commands work with the data inside tables. This is what you'll use 90% of the time.
SELECT — Read Data
SELECT name, salary FROM employees WHERE dept_id = 10 ORDER BY salary DESC;INSERT — Add New Rows
-- Single row
INSERT INTO employees (id, name, email, dept_id, salary, hired_at)
VALUES (1, 'Alice', '[email protected]', 10, 95000, '2024-01-15');
-- Multiple rows
INSERT INTO employees (id, name, email, dept_id, salary, hired_at) VALUES
(2, 'Bob', '[email protected]', 20, 90000, '2024-02-01'),
(3, 'Charlie', '[email protected]', 10, 90000, '2024-03-10');
-- Insert from a query
INSERT INTO archive_employees
SELECT * FROM employees WHERE hired_at < '2020-01-01';UPDATE — Modify Existing Rows
-- Update specific rows
UPDATE employees SET salary = salary * 1.10 WHERE dept_id = 10;
-- Update with a JOIN (PostgreSQL syntax)
UPDATE employees e
SET salary = salary * 1.05
FROM departments d
WHERE e.dept_id = d.id AND d.dept_name = 'Engineering';
Always use WHERE with UPDATE and DELETE. Without it, you'll modify or delete every row in the table. Run a SELECT first to verify your WHERE clause.
DELETE — Remove Rows
-- Delete specific rows
DELETE FROM employees WHERE id = 4;
-- Delete with a subquery
DELETE FROM employees
WHERE dept_id IN (SELECT id FROM departments WHERE archived = true);MERGE / UPSERT
-- PostgreSQL: INSERT or UPDATE if exists
INSERT INTO employees (id, name, salary)
VALUES (1, 'Alice', 100000)
ON CONFLICT (id) DO UPDATE SET salary = EXCLUDED.salary;DCL Data Control Language
DCL controls who can do what. It's the security layer of SQL.
GRANT — Give Permissions
-- Grant SELECT on a table
GRANT SELECT ON employees TO analyst_role;
-- Grant multiple permissions
GRANT SELECT, INSERT, UPDATE ON employees TO app_role;
-- Grant all on a schema
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO admin_role;REVOKE — Remove Permissions
-- Revoke write access
REVOKE INSERT, UPDATE, DELETE ON employees FROM analyst_role;
-- Revoke all
REVOKE ALL PRIVILEGES ON employees FROM temp_user;
Principle of least privilege: Grant the minimum permissions needed. Analysts typically need SELECT only. Applications need SELECT + INSERT + UPDATE. Only admins get DROP or GRANT.
TCL Transaction Control Language
TCL manages transactions — groups of operations that must succeed or fail together.
COMMIT — Save Changes
BEGIN;
UPDATE accounts SET balance = balance - 500 WHERE id = 1;
UPDATE accounts SET balance = balance + 500 WHERE id = 2;
COMMIT; -- Both updates are now permanentROLLBACK — Undo Changes
BEGIN;
DELETE FROM employees WHERE dept_id = 30;
-- Oops, wrong department!
ROLLBACK; -- Nothing was deletedSAVEPOINT — Partial Rollback
BEGIN;
INSERT INTO orders VALUES (1, 'Widget', 100);
SAVEPOINT after_order;
INSERT INTO payments VALUES (1, 100, 'credit_card');
-- Payment failed!
ROLLBACK TO after_order;
-- Order still exists, payment rolled back
INSERT INTO payments VALUES (1, 100, 'bank_transfer');
COMMIT;
ACID: Transactions guarantee Atomicity (all or nothing), Consistency (valid state), Isolation (concurrent transactions don't interfere), Durability (committed = permanent). This is the most important concept in database reliability.
When to Use What
?
What do you need?
Pick the right category
🏗️
Change structure?
DDL: CREATE, ALTER, DROP
📝
Read/write data?
DML: SELECT, INSERT, UPDATE, DELETE
🔐
Control access?
DCL: GRANT, REVOKE
💾
Group operations?
TCL: BEGIN, COMMIT, ROLLBACK
Test Yourself
Q: Which category does CREATE TABLE belong to?
DDL (Data Definition Language). It defines the structure of the database.
Q: What's the difference between TRUNCATE and DELETE?
TRUNCATE is DDL (auto-commits, can't rollback, doesn't fire triggers, resets auto-increment, faster). DELETE is DML (can rollback, fires triggers, can use WHERE to target specific rows).
Q: What does ACID stand for?
Atomicity, Consistency, Isolation, Durability. The four properties that guarantee database transactions are reliable.
Q: Can you ROLLBACK a DROP TABLE?
No (in most databases). DDL commands auto-commit. Once you DROP a table, it's gone. PostgreSQL is an exception — it supports transactional DDL.
Interview Questions
Q: Classify these commands: CREATE, SELECT, GRANT, COMMIT, ALTER, DELETE, REVOKE, ROLLBACK.
- DDL: CREATE, ALTER
- DML: SELECT, DELETE
- DCL: GRANT, REVOKE
- TCL: COMMIT, ROLLBACK
Q: You accidentally deleted all rows from a production table. The transaction is still open. What do you do?
ROLLBACK; — since DELETE is DML and the transaction hasn't been committed, ROLLBACK will undo the delete. If you had used TRUNCATE (DDL), it would have auto-committed and you'd need to restore from a backup.Q: What is the difference between DROP, TRUNCATE, and DELETE?
- DROP (DDL): Removes the entire table — structure, data, indexes, constraints, everything.
- TRUNCATE (DDL): Removes all rows but keeps the table structure. Auto-commits. Cannot use WHERE.
- DELETE (DML): Removes specific rows using WHERE. Can be rolled back. Fires triggers. Slower on large tables.
Q: Explain the principle of least privilege in the context of database security.
Each user or role should have only the minimum permissions needed to do their job. An analyst needs SELECT, not DELETE. An app needs CRUD, not DROP. Only DBAs should have GRANT privileges. This limits blast radius if an account is compromised or a mistake is made. Implemented using DCL (GRANT/REVOKE).
Q: What happens if the database crashes in the middle of a transaction?
The database's recovery mechanism will ROLLBACK any uncommitted transactions when it restarts. This is the "Atomicity" guarantee of ACID — transactions are all-or-nothing. Committed transactions are safe due to "Durability" (they've been written to the write-ahead log on disk).