REVOKE privilege#
Synopsis#
REVOKE [ GRANT OPTION FOR ]
( privilege [, ...] | ALL PRIVILEGES )
ON ( table_name |
TABLE table_name |
SCHEMA schema_name |
MY ACCOUNT |
CLUSTER cluster_name |
CATALOG catalog_name |
COLUMN column_name |
LOCATION table_location |
FUNCTION function_name |
DATA_PRODUCT data_product_name
)
FROM ROLE role
Description#
Revokes the specified privileges from the specified grantee.
Specifying ALL PRIVILEGES
revokes all entity kind privileges on the entity
from the supplied role. If the entity is a table, SELECT, UPDATE,
DELETE and INSERT privileges are be revoked.
The schema_name
may be a “qualified name”, where the catalog is specified
explicitly, e.g., my_catalog.my_schema
. If the catalog is not supplied the
current session catalog is used.
The table_name
, function_name
or column_name
may be “qualified names” in
which the schema and sometimes the catalog are explicit. For example, the table
my_catalog.my_schema.my_table
, in which all components are explicit, and
my_schema.my_table
, in which the schema is explicit and the catalog defaults
to the session catalog.
Specifying ROLE PUBLIC
revokes privileges from the PUBLIC
role. Users retain
privileges assigned to them directly or via other roles.
If the optional GRANT OPTION FOR
clause is specified, only the GRANT OPTION
is removed. Otherwise, both the GRANT
and GRANT OPTION
are revoked.
For REVOKE
statement to succeed, the user executing it should possess the
specified privileges as well as the GRANT OPTION
for those privileges.
Revoke on a table revokes the specified privilege on all columns of the table.
Revoke on a schema revokes the specified privilege on all columns of all tables of the schema.
To revoke an account privilege, the entity kind and account must be MY ACCOUNT
.
Examples#
Revoke INSERT
and SELECT
privileges on the table orders
from role orders_admin
:
REVOKE INSERT, SELECT ON orders FROM ROLE orders_admin;
Revoke DELETE
privilege on the schema finance
from role finance_admin
:
REVOKE DELETE ON SCHEMA finance FROM ROLE finance_admin;
Revoke SELECT
privilege on the table nation
from everyone, additionally revoking the privilege to grant SELECT
privilege:
REVOKE GRANT OPTION FOR SELECT ON nation FROM ROLE PUBLIC;
Revoke all privileges on the table test
from role orders_admin
:
REVOKE ALL PRIVILEGES ON test FROM ROLE orders_admin;
Revoke cluster privilege USE_CLUSTER
on cluster demo_cluster
from role
data_user
:
REVOKE USE_CLUSTER ON CLUSTER demo_cluster FROM ROLE data_user;
Revoke the ability of role roles_admin
to grant account privilege
CREATE_ROLE
to other roles:
REVOKE GRANT OPTION FOR CREATE_ROLE ON MY ACCOUNT FROM ROLE roles_admin;
See also#
SQL entity kinds and privileges, DENY, GRANT privilege, SHOW GRANTS