# REVOKE PRIVILEGES

## Revoke Organization Privileges

### Syntax

```sql
REVOKE [ CREATE_COMPUTE_POOL
       | CREATE_DATABASE 
       | CREATE_STORE 
       | CREATE_SCHEMA_REGISTRY
       | CREATE_DESCRIPTOR_SOURCE 
       | CREATE_FUNCTION_SOURCE | CREATE_FUNCTION
       | CREATE_QUERY
       | CREATE_CONNECTOR
       | ALL PRIVILEGES
       ]
FROM ROLE role_name [, ...];
```

### Description

Revokes [organization](https://docs.deltastream.io/overview/core-concepts/access-control#_organiation) [privileges](https://docs.deltastream.io/overview/core-concepts/access-control#_privilege) from one or more roles.

The current role requires one of the following privileges:

* Ownership of organization
* `MANAGE_GRANTS` privilege on organization
* Privilege granted to the current role `WITH GRANT OPTION`.

### Arguments

#### CREATE\_COMPUTE\_POOL

Disallow role from creating [compute\_pools](https://docs.deltastream.io/overview/core-concepts/compute-pools) under the organization.

#### CREATE\_DATABASE

Disallow role from creating [databases](https://docs.deltastream.io/overview/core-concepts/databases) under the organization.

#### CREATE\_STORE

Disallow role from creating [stores](https://docs.deltastream.io/overview/core-concepts/store) under the organization.

#### CREATE\_SCHEMA\_REGISTRY

Disallow role from creating [schema registries](https://docs.deltastream.io/reference/data-format-serialization#_schema_registry) under the organization.

#### CREATE\_DESCRIPTOR\_SOURCE

Disallow role from uploading [descriptor sources](https://docs.deltastream.io/reference/data-format-serialization#protocol-buffers-and-descriptors) to the organization.

#### CREATE\_FUNCTION\_SOURCE

Disallow role from uploading [UDF and UDAF sources](https://docs.deltastream.io/overview/core-concepts/function) to the organization.

#### CREATE\_FUNCTION

Disallow role from creating [UDFs or UDAFs](https://docs.deltastream.io/overview/core-concepts/function) under the organization.

#### CREATE\_QUERY

Disallow role from launching any [query](https://docs.deltastream.io/overview/core-concepts/queries) under the organization.

#### MANAGE\_MEMBERS

Disallow role from managing [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role), invitations, and users.

#### MANAGE\_GRANTS

Disallow role from managing privilege grants within the organization.

#### ALL PRIVILEGES

Revoke all privileges listed above from the role.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke compute\_pool Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON COMPUTE_POOL compute_pool_name
FROM ROLE role_name [, ...];
```

### Description

Revoke [compute\_pool](https://docs.deltastream.io/overview/core-concepts/compute-pools) privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing or using the compute\_pool.

#### ALL PRIVILEGES

Revoke all the privileges listed above from the role.

#### compute\_pool\_name

The name of the compute\_pool on which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Database Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON DATABASE database_name
FROM ROLE role_name [, ...];
```

### Description

Revoke [database](https://docs.deltastream.io/overview/core-concepts/databases) privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing or using the database.

#### CREATE

Disallow role from creating schemas under the database.

#### ALL PRIVILEGES

Revoke all the privileges listed above from the role.

#### database\_name

The name of the database on which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Database Schema Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON SCHEMA schema_name
FROM ROLE role_name [, ...];
```

### Description

Revokes schema privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing and using the schema.

#### CREATE

Disallow role from creating relations under the schema.

#### ALL PRIVILEGES

Revoke all the privileges listed above from the role.

#### schema\_name

The qualified name of the schema from which to revoke privileges. This name can include a specific database name to form a fully-qualified name in the format of `<database_name>.<schema_name>`; otherwise the system uses the current database name in the session.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Store Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON STORE store_name
FROM ROLE role_name [, ...];
```

### Description

Revokes store privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing and using the store.

#### store\_name

The name of the store from which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from whichto revoke the privileges.

## Revoke Descriptor Source Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON DESCRIPTOR_SOURCE descriptor_source_name
FROM ROLE role_name [, ...];
```

### Description

Revoke [descriptor source](https://docs.deltastream.io/reference/data-format-serialization#protocol-buffers-and-descriptors) privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing and using the descriptor source.

#### descriptor\_source\_name

The name of the descriptor source on which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Relation Privileges

### Syntax

```sql
REVOKE [ SELECT
       | INSERT
       | ALL PRIVILEGES
       ]
ON RELATION relation_name
FROM ROLE role_name [, ...];
```

### Description

Revokes [relation](https://docs.deltastream.io/overview/core-concepts/databases#_relation) privileges from one or more roles.

### Arguments

#### SELECT

Disallow role from creating a [query](https://docs.deltastream.io/overview/core-concepts/queries) and using the relation as a source.

#### INSERT

Disallow role from creating a [query](https://docs.deltastream.io/overview/core-concepts/queries) and using the relation as a sink.

#### relation\_name

The name of the relation from which to revoke privileges. Optionally, provide [database](https://docs.deltastream.io/overview/core-concepts/databases) and [schema](https://docs.deltastream.io/overview/core-concepts/databases#_schema) name for a fully-qualified relation name in the format of `[<database_name>.<schema_name>.]<relation_name>` — for example, `db1.public.pageviews`. Otherwise, the system uses the current database and schema to identify the relation.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Function Source Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION_SOURCE function_source_name
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];
```

### Description

Revokes [function source](https://docs.deltastream.io/overview/core-concepts/function) privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing and using the function source.

#### descriptor\_source\_name

The name of the function source on which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.

## Revoke Function Privileges

### Syntax

```sql
REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION function_identifier
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];
```

### Description

Revokes [function](https://docs.deltastream.io/overview/core-concepts/function) privileges from one or more roles.

### Arguments

#### USAGE

Disallow role from listing and using the function.

#### descriptor\_source\_name

The name of the function on which to revoke privileges.

#### role\_name \[, ...]

One or more [roles](https://docs.deltastream.io/overview/core-concepts/access-control#_role) from which to revoke the privileges.