REVOKE PRIVILEGES

Revoke Organization Privileges

Syntax

REVOKE [ CREATE_DATABASE 
       | CREATE_STORE 
       | CREATE_SCHEMA_REGISTRY
       | CREATE_DESCRIPTOR_SOURCE 
       | CREATE_FUNCTION_SOURCE | CREATE_FUNCTION
       | CREATE_QUERY
       | CREATE_CONNECTOR
       | ALL PRIVILEGES
       ]
FROM ROLE role_name [, ...];

Description

Revokes organization privileges from one or more roles.

The current role requires one of the following privileges:

Ownership of organization
MANAGE_GRANTS privilege on organization
Privilege granted to the current role WITH GRANT OPTION.

Arguments

CREATE_DATABASE

Disallow role from creating databases under the organization.

CREATE_STORE

Disallow role from creating stores under the organization.

CREATE_SCHEMA_REGISTRY

Disallow role from creating schema registries under the organization.

CREATE_DESCRIPTOR_SOURCE

Disallow role from uploading descriptor sources to the organization.

CREATE_FUNCTION_SOURCE

Disallow role from uploading UDF and UDAF sources to the organization.

CREATE_FUNCTION

Disallow role from creating UDFs or UDAFs under the organization.

CREATE_QUERY

Disallow role from launching any query under the organization.

MANAGE_MEMBERS

Disallow role from managing roles, invitations, and users.

MANAGE_GRANTS

Disallow role from managing privilege grants within the organization.

ALL PRIVILEGES

Revoke all privileges listed above from the role.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Database Privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON DATABASE database_name
FROM ROLE role_name [, ...];

Description

Revoke database privileges from one or more roles.

Arguments

USAGE

Disallow role from listing or using the database.

CREATE

Disallow role from creating schemas under the database.

ALL PRIVILEGES

Revoke all the privileges listed above from the role.

database_name

The name of the database on which to revoke privileges.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Database Schema Privileges

Syntax

REVOKE [ USAGE 
       | CREATE
       | ALL PRIVILEGES
       ]
ON SCHEMA schema_name
FROM ROLE role_name [, ...];

Description

Revokes schema privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the schema.

CREATE

Disallow role from creating relations under the schema.

ALL PRIVILEGES

Revoke all the privileges listed above from the role.

schema_name

The qualified name of the schema from which to revoke privileges. This name can include a specific database name to form a fully-qualified name in the format of <database_name>.<schema_name>; otherwise the system uses the current database name in the session.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Store Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON STORE store_name
FROM ROLE role_name [, ...];

Description

Revokes store privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the store.

store_name

The name of the store from which to revoke privileges.

role_name [, ...]

One or more roles from whichto revoke the privileges.

Revoke Descriptor Source Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON DESCRIPTOR_SOURCE descriptor_source_name
FROM ROLE role_name [, ...];

Description

Revoke descriptor source privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the descriptor source.

descriptor_source_name

The name of the descriptor source on which to revoke privileges.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Relation Privileges

Syntax

REVOKE [ SELECT
       | INSERT
       | ALL PRIVILEGES
       ]
ON RELATION relation_name
FROM ROLE role_name [, ...];

Description

Revokes relation privileges from one or more roles.

Arguments

SELECT

Disallow role from creating a query and using the relation as a source.

INSERT

Disallow role from creating a query and using the relation as a sink.

relation_name

The name of the relation from which to revoke privileges. Optionally, provide database and schema name for a fully-qualified relation name in the format of [<database_name>.<schema_name>.]<relation_name> — for example, db1.public.pageviews. Otherwise, the system uses the current database and schema to identify the relation.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Function Source Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION_SOURCE function_source_name
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Revokes function source privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the function source.

descriptor_source_name

The name of the function source on which to revoke privileges.

role_name [, ...]

One or more roles from which to revoke the privileges.

Revoke Function Privileges

Syntax

REVOKE [ USAGE 
       | ALL PRIVILEGES
       ]
ON FUNCTION function_identifier
FROM ROLE role_name [, ...]
[WITH GRANT OPTION];

Description

Revokes function privileges from one or more roles.

Arguments

USAGE

Disallow role from listing and using the function.

descriptor_source_name

The name of the function on which to revoke privileges.

role_name [, ...]

One or more roles from which to revoke the privileges.

PreviousREVOKE INVITATION NextREVOKE ROLE

Last updated 3 months ago