REVOKE PRIVILEGES

Revoke Organization Privileges

Syntax

REVOKE [ CREATE_DATABASE 
       | CREATE_STORE 
       | CREATE_SCHEMA_REGISTRY
       | CREATE_DESCRIPTOR_SOURCE 
       | CREATE_FUNCTION_SOURCE | CREATE_FUNCTION
       | CREATE_QUERY
       | CREATE_CONNECTOR
       | ALL PRIVILEGES
       ]
FROM ROLE role_name [, ...];

Description

Revokes from one or more roles.

The current role requires one of the following privileges:

• Ownership of organization

• MANAGE_GRANTS privilege on organization

• Privilege granted to the current role WITH GRANT OPTION.

Arguments

CREATE_DATABASE

CREATE_STORE

CREATE_SCHEMA_REGISTRY

CREATE_DESCRIPTOR_SOURCE

CREATE_FUNCTION_SOURCE

CREATE_FUNCTION

CREATE_QUERY

MANAGE_MEMBERS

MANAGE_GRANTS

Disallow role from managing privilege grants within the organization.

ALL PRIVILEGES

Revoke all privileges listed above from the role.

role_name [, ...]

Revoke Database Privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON DATABASE database_name
FROM ROLE role_name [, ...];

Description

Arguments

USAGE

Disallow role from listing or using the database.

CREATE

Disallow role from creating schemas under the database.

ALL PRIVILEGES

Revoke all the privileges listed above from the role.

database_name

The name of the database on which to revoke privileges.

role_name [, ...]

Revoke Database Schema Privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON SCHEMA schema_name
FROM ROLE role_name [, ...];

Description

Revokes schema privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the schema.

CREATE

Disallow role from creating relations under the schema.

ALL PRIVILEGES

Revoke all the privileges listed above from the role.

schema_name

The qualified name of the schema from which to revoke privileges. This name can include a specific database name to form a fully-qualified name in the format of <database_name>.<schema_name>; otherwise the system uses the current database name in the session.

role_name [, ...]

Revoke Store Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON STORE store_name
FROM ROLE role_name [, ...];

Description

Revokes store privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the store.

store_name

The name of the store from which to revoke privileges.

role_name [, ...]

Revoke Descriptor Source Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON DESCRIPTOR_SOURCE descriptor_source_name
FROM ROLE role_name [, ...];

Description

Arguments

USAGE

Disallow role from listing and using the descriptor source.

descriptor_source_name

The name of the descriptor source on which to revoke privileges.

role_name [, ...]

Revoke Relation Privileges

Syntax

REVOKE [ SELECT
       | INSERT
       | ALL PRIVILEGES
       ]
ON RELATION relation_name
FROM ROLE role_name [, ...];

Description

Arguments

SELECT

INSERT

relation_name

role_name [, ...]

Revoke Function Source Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION_SOURCE function_source_name
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Arguments

USAGE

Disallow role from listing and using the function source.

descriptor_source_name

The name of the function source on which to revoke privileges.

role_name [, ...]

Revoke Function Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION function_identifier
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Arguments

USAGE

Disallow role from listing and using the function.

descriptor_source_name

The name of the function on which to revoke privileges.

role_name [, ...]