From 6c84cd0ef4bc0573209aa20c475cb15acf8da88d Mon Sep 17 00:00:00 2001
From: Andreja Tonev <andreja.tonev@memgraph.io>
Date: Wed, 8 Oct 2025 14:09:22 +0200
Subject: [PATCH] Fix deny/revoke database query

---
 .../authentication-and-authorization/multiple-roles.mdx     | 6 +++---
 pages/database-management/multi-tenancy.mdx                 | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pages/database-management/authentication-and-authorization/multiple-roles.mdx b/pages/database-management/authentication-and-authorization/multiple-roles.mdx
index c1d19ac2c..b603a9dbb 100644
--- a/pages/database-management/authentication-and-authorization/multiple-roles.mdx
+++ b/pages/database-management/authentication-and-authorization/multiple-roles.mdx
@@ -48,10 +48,10 @@ permissions:
 GRANT DATABASE db_name TO user_or_role;
 
 -- Deny database access
-DENY DATABASE db_name TO user_or_role;
+DENY DATABASE db_name FROM user_or_role;
 
 -- Revoke database access
-REVOKE DATABASE db_name TO user_or_role;
+REVOKE DATABASE db_name FROM user_or_role;
 ```
 
 ### How database access works
@@ -94,7 +94,7 @@ When roles have conflicting database access, deny takes precedence:
 GRANT DATABASE db1 TO role1;
 
 -- Role2 denies access to db1
-DENY DATABASE db1 TO role2;
+DENY DATABASE db1 FROM role2;
 
 -- User with both roles
 SET ROLE FOR user TO role1, role2;
diff --git a/pages/database-management/multi-tenancy.mdx b/pages/database-management/multi-tenancy.mdx
index 8d47e6000..e5933fb2d 100644
--- a/pages/database-management/multi-tenancy.mdx
+++ b/pages/database-management/multi-tenancy.mdx
@@ -254,7 +254,7 @@ User-role mappings are simple maps located in the user. Deleting or renaming the
 </Callout>
 
 Access to all databases can be granted or revoked using wildcards:
-`GRANT DATABASE * TO user;`, `DENY DATABASE * TO user;` or 
+`GRANT DATABASE * TO user;`, `DENY DATABASE * FROM user;` or 
 `REVOKE DATABASE * FROM user;`.
 
 ### Multi-database queries and the memgraph database