REVOKE ROLE
Syntax
Copy
REVOKE ROLE role_name [, ...]
[
FROM USER user_email
| FROM ROLE role_name [, ...]
];Description
Revoke access to role(s) from a user or other role(s). This prevents a user from USE ROLE and removes all the privileges previously granted to the role, respectively.
The current role requires one of the following privileges:
Ownership of organization
MANAGE_MEMBERSprivilege on organizationOWNERprivilege on both parent and child roles (when revoking from role(s))
Arguments
role_name [, role_name...]
One or more roles to revoke.
user_email
Email of the user from whom you are revoking roles.
role_name [, role_name...]
One or more roles that are revoked from role(s).
Examples
Revoke role from a user
<no-db>/<no-store># REVOKE ROLE custom_role FROM USER 'emailfbdad716-3abf-4484-b783-5ad48d32f039@deltastream.io';
+-------------+------------+------------------------------------------+
| Type | Command | Summary |
+=============+============+==========================================+
| role revoke | ALTER | Role(s) "custom_role" revoked from user |
| | | "emailfbdad716-3abf-4484-b783-5ad48d32f0 |
| | | 39@deltastream.io" |
+-------------+------------+------------------------------------------+
<no-db>/<no-store># LIST USER ROLES;
+---------------+-------------+-------------+---------------+
| Name | Is Current | Is Default | Is Inherited |
+===============+=============+=============+===============+
| orgadmin | false | false | false |
+---------------+-------------+-------------+---------------+
| public | false | false | true |
+---------------+-------------+-------------+---------------+
| securityadmin | false | false | true |
+---------------+-------------+-------------+---------------+
| useradmin | true | false | true |
+---------------+-------------+-------------+---------------+
| sysadmin | false | true | true |
+---------------+-------------+-------------+---------------+Revoke role from another role
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+--------------------------+--------------------+-------------+
| Type | Name | Privilege | With Grant Option | Granted By |
+==============+============+==========================+====================+=============+
| role | public | usage | false | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| role | useradmin | usage | false | useradmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_database | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_descriptor_source | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_function_source | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_function | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_store | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_query | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | usage | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_schema_registry | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_connector | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_secret | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_aws_private_link | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| role | useradmin | usage | false | useradmin |
+--------------+------------+--------------------------+--------------------+-------------+
<no-db>/<no-store># REVOKE ROLE useradmin FROM ROLE sysadmin;
+-------------+------------+------------------------------------------+
| Type | Command | Summary |
+=============+============+==========================================+
| role revoke | ALTER | Role(s) "useradmin" revoked from |
| | | role(s) "sysadmin" |
+-------------+------------+------------------------------------------+
<no-db>/<no-store># DESCRIBE ROLE sysadmin;
+--------------+------------+--------------------------+--------------------+-------------+
| Type | Name | Privilege | With Grant Option | Granted By |
+==============+============+==========================+====================+=============+
| role | public | usage | false | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_database | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_descriptor_source | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_function_source | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_function | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_store | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_query | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | usage | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_schema_registry | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_connector | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_secret | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+
| organization | uuid... | create_aws_private_link | true | orgadmin |
+--------------+------------+--------------------------+--------------------+-------------+Last updated