Revoking User Access
Go Up to Planning Security
Use the REVOKE
statement to remove privileges that were assigned with the GRANT
statement.
At a minimum, REVOKE
requires parameters that specify the following:
- One access privilege to remove.
- The table or view to which the privilege revocation applies.
- The name of the grantee for which the privilege is revoked.
In its full form, REVOKE
removes all the privileges that GRANT
can assign.
REVOKE <privileges> ON [TABLE] {tablename | viewname} FROM {<object> | <userlist> | GROUP UNIX_group}; <privileges> = ALL [PRIVILEGES] | <privilege_list> <privilege_list> = { SELECT | DELETE | INSERT | UPDATE [(col [, col …])] | REFERENCES [(col [, col …])] } [, <privilege_list> …] <object> = { PROCEDURE procname | TRIGGER trigname | VIEW viewname | PUBLIC } [, <object> …] <userlist> = [USER] username [, [USER] username …]
The following statement removes the SELECT
privilege for the user, SUSAN
, on the DEPARTMENTS
table:
REVOKE SELECT ON DEPARTMENTS FROM SUSAN;
The following statement removes the UPDATE
privilege for the procedure, MONEY_TRANSFER
, on the ACCOUNTS
table:
REVOKE UPDATE ON ACCOUNTS FROM PROCEDURE MONEY_TRANSER;
The next statement removes EXECUTE
privilege for the procedure, ACCT_MAINT
, on the MONEY_TRANSFER
procedure:
REVOKE EXECUTE ON PROCEDURE MONEY_TRANSER FROM PROCEDURE ACCT_MAINT;
For the complete syntax of REVOKE
, see REVOKE.