REVOKE ROLE

Syntax

REVOKE ROLE role_name [, ...] {
    FROM USER user_email
    | FROM ROLE role_name [, ...]
};

Description

Revokes one or more Roles from a User or from other Role(s). Revoking a Role from a User prevents that User from running USE ROLE with it; revoking a Role from another Role removes all the privileges that the grant had previously given to that Role.

The current Role requires one of the following privileges:

  • Ownership of Organization

  • MANAGE_MEMBERS privilege on Organization

  • OWNER privilege on both parent and child roles (when revoking from Role(s))

Arguments

role_name [, role_name...]

One or more Roles to revoke.

user_email

Email of the User, when revoking Roles from a User.

role_name [, role_name...]

One or more Roles from which the Roles are revoked (the FROM ROLE clause).

Examples

Revoke Role from a User

<no-db>/<no-store># REVOKE ROLE custom_role FROM USER 'emailfbdad716-3abf-4484-b783-5ad48d32f039@deltastream.io';
+-------------+------------+------------------------------------------+
|  Type       |  Command   |  Summary                                 |
+=============+============+==========================================+
| role revoke | ALTER      | Role(s) "custom_role" revoked from user  |
|             |            | "emailfbdad716-3abf-4484-b783-5ad48d32f0 |
|             |            | 39@deltastream.io"                       |
+-------------+------------+------------------------------------------+
<no-db>/<no-store># LIST USER ROLES;
+---------------+-------------+-------------+---------------+
|  Name         |  Is Current |  Is Default |  Is Inherited |
+===============+=============+=============+===============+
| orgadmin      | false       | false       | false         |
+---------------+-------------+-------------+---------------+
| public        | false       | false       | true          |
+---------------+-------------+-------------+---------------+
| securityadmin | false       | false       | true          |
+---------------+-------------+-------------+---------------+
| useradmin     | true        | false       | true          |
+---------------+-------------+-------------+---------------+
| sysadmin      | false       | true        | true          |
+---------------+-------------+-------------+---------------+

Revoke Role from another Role

<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+--------------------------+--------------------+-------------+
|  Type        |  Name      |  Privilege               |  With Grant Option |  Granted By |
+==============+============+==========================+====================+=============+
| role         | public     | usage                    | false              | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| role         | useradmin  | usage                    | false              | useradmin   |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_database          | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_descriptor_source | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_function_source   | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_function          | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_store             | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_query             | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | usage                    | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_schema_registry   | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_connector         | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_secret            | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_aws_private_link  | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| role         | useradmin  | usage                    | false              | useradmin   |
+--------------+------------+--------------------------+--------------------+-------------+
<no-db>/<no-store># REVOKE ROLE useradmin FROM ROLE sysadmin;
+-------------+------------+------------------------------------------+
|  Type       |  Command   |  Summary                                 |
+=============+============+==========================================+
| role revoke | ALTER      | Role(s) "useradmin" revoked from         |
|             |            | role(s) "sysadmin"                       |
+-------------+------------+------------------------------------------+
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+--------------------------+--------------------+-------------+
|  Type        |  Name      |  Privilege               |  With Grant Option |  Granted By |
+==============+============+==========================+====================+=============+
| role         | public     | usage                    | false              | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_database          | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_descriptor_source | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_function_source   | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_function          | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_store             | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_query             | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | usage                    | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_schema_registry   | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_connector         | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_secret            | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid...    | create_aws_private_link  | true               | orgadmin    |
+--------------+------------+--------------------------+--------------------+-------------+
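
A way to confirm the role-to-role revoke shown above from captured CLI output, as an added example that is not part of the DeltaStream documentation: it parses the grid tables printed by DESCRIBE ROLE before and after REVOKE ROLE, then reports whether the grant is gone and whether any other row changed. The function names and the trimmed sample tables are assumptions constructed for illustration.

```python
from collections import Counter

def parse_grants(describe_output):
    """Return a Counter of (type, name, privilege) rows from DESCRIBE ROLE grid output."""
    grants, header = Counter(), None
    for line in describe_output.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +---/+=== borders, prompts and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = [c.lower() for c in cells]
            continue
        row = dict(zip(header, cells))
        if not row.get("type"):
            continue  # wrapped continuation line, not a new grant row
        grants[(row["type"], row["name"], row["privilege"])] += 1
    return grants

def check_revoke(before, after, revoked_role):
    """Compare DESCRIBE ROLE output taken before and after REVOKE ROLE ... FROM ROLE."""
    b, a = parse_grants(before), parse_grants(after)
    target = ("role", revoked_role, "usage")
    return {
        "was_granted": target in b,
        "still_granted": target in a,
        # Any other row that appeared or disappeared is an unexpected side effect.
        "unexpected": sorted(k for k in set(b) ^ set(a) if k != target),
    }

# Constructed sample: the page's DESCRIBE ROLE sysadmin tables, trimmed to a few rows.
BEFORE = """\
|  Type        |  Name      |  Privilege       |  With Grant Option |  Granted By |
+==============+============+==================+====================+=============+
| role         | public     | usage            | false              | orgadmin    |
| role         | useradmin  | usage            | false              | useradmin   |
| organization | uuid...    | create_database  | true               | orgadmin    |
| role         | useradmin  | usage            | false              | useradmin   |
"""
AFTER = """\
|  Type        |  Name      |  Privilege       |  With Grant Option |  Granted By |
+==============+============+==================+====================+=============+
| role         | public     | usage            | false              | orgadmin    |
| organization | uuid...    | create_database  | true               | orgadmin    |
"""

if __name__ == "__main__":
    print(check_revoke(BEFORE, AFTER, "useradmin"))
```

A non-empty `unexpected` list means the two snapshots differ by more than the revoked Role and the change should be reviewed before it is treated as complete.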
