Categories:

User & Security DDL (Access Control)

REVOKE privilege

Removes a privilege from a role or share.

See also:

GRANT privilege , GRANT OWNERSHIP

Syntax

Due to the large number of object types supported for REVOKE, only the syntax for TABLE objects is provided. The syntax for all other object types is identical except the privileges are different depending on the object type.

REVOKE [ GRANT OPTION FOR ]
  { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE } [ , ...] | ALL [ PRIVILEGES ] }
  ON { TABLE <table_name> | ALL TABLES IN SCHEMA <schema_name> }
  FROM ROLE <role_name> [ CASCADE | RESTRICT ]

REVOKE SELECT ON TABLE <table_name>
  FROM SHARE <share_name>

Usage Notes

• RESTRICT is the default revoke behavior for roles. If the grant being revoked had been re-granted to another role, the revoke operation will fail.
• If the CASCADE option is specified, and the grant being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant will not be affected and the target role will retain the privilege.

Note that security administrators who have been granted MANAGE GRANTS privilege can view and modify any grant assignment in the system.