REVOKE PRIVILEGES

Revoke Organization privileges

Syntax

REVOKE [ CREATE_DATABASE 
       | CREATE_STORE 
       | CREATE_SCHEMA_REGISTRY
       | CREATE_DESCRIPTOR_SOURCE 
       | CREATE_FUNCTION_SOURCE | CREATE_FUNCTION
       | CREATE_QUERY
       | CREATE_CONNECTOR
       | ALL PRIVILEGES
       ]
FROM ROLE role_name [, ...];

Description

Revokes Organization privileges from one or more roles.

The current role requires one of the following privileges:

  • Ownership of Organization

  • MANAGE_GRANTS privilege on Organization

  • Privilege granted to the current role WITH GRANT OPTION.

Arguments

CREATE_DATABASE

Disallow Role from creating Databases under the Organization.

CREATE_STORE

Disallow Role from creating Stores under the Organization.

CREATE_SCHEMA_REGISTRY

Disallow Role from creating Schema Registries under the Organization.

CREATE_DESCRIPTOR_SOURCE

Disallow Role from uploading Descriptor Sources to the Organization.

CREATE_FUNCTION_SOURCE

Disallow Role from uploading UDF and UDAF sources to the Organization.

CREATE_FUNCTION

Disallow Role from creating UDFs or UDAFs under the Organization.

CREATE_QUERY

Disallow Role from launching any Query under the Organization.

MANAGE_MEMBERS

Disallow Role from managing Roles, Invitations and Users.

MANAGE_GRANTS

Disallow Role from managing Privilege grants within the Organization.

ALL PRIVILEGES

Revoke all Privileges listed above to the Role.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Database privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON DATABASE database_name
FROM ROLE role_name [, ...];

Description

Revoke Database privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, or using the Database.

CREATE

Disallow Role from creating Schemas under the Database.

ALL PRIVILEGES

Revoke all the Privileges listed above from the Role.

database_name

The name of the Database to revoke privileges on.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Database Schema privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON SCHEMA schema_name
FROM ROLE role_name [, ...];

Description

Revokes Schema privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, and using the Schema.

CREATE

Disallow Role from creating Relations under the Schema.

ALL PRIVILEGES

Revoke all the Privileges listed above to the Role.

schema_name

The qualified name of the Schema to revoke privileges from. This name can include a specific Database name to form a fully qualified name in the format of <database_name>.<schema_name>, otherwise the current Database name in the session is used.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Store privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON STORE store_name
FROM ROLE role_name [, ...];

Description

Revokes Store privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, and using the Store.

store_name

The name of the Store to revoke privileges on.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Descriptor Source privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON DESCRIPTOR_SOURCE descriptor_source_name
FROM ROLE role_name [, ...];

Description

Revoke Descriptor Source privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, and using the Descriptor Source.

descriptor_source_name

The name of the Descriptor Source to revoke privileges on.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Relation privileges

Syntax

REVOKE [ SELECT
       | INSERT
       | ALL PRIVILEGES
       ]
ON RELATION relation_name
FROM ROLE role_name [, ...];

Description

Revokes Relation privileges from one or more roles.

Arguments

SELECT

Disallow Role from creating a Query and using the relation as a source.

INSERT

Disallow Role from creating a Query and using the relation as a sink.

relation_name

The name of the Relation to revoke privileges from. Optionally, provide Database and Schema name for a fully qualified relation name in the format of [<database_name>.<schema_name>.]<relation_name>, e.g. db1.public.pageviews. Otherwise, the current Database and Schema will be used to identify the Relation.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Function Source privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION_SOURCE function_source_name
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Revokes Function Source privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, and using the Function Source.

descriptor_source_name

The name of the Function Source to revoke privileges on.

role_name [, ...]

One or more Roles to revoke the privileges from.

Revoke Function privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION function_identifier
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Revokes Function privileges from one or more roles.

Arguments

USAGE

Disallow Role from listing, and using the Function.

descriptor_source_name

The name of the Function to revoke privileges on.

role_name [, ...]

One or more Roles to revoke the privileges from.

Last updated