Skip to main content
Revokes permissions from a role. REVOKE can also be used to revoke a role from another role or a user. For more information, see Role-based access control.

REVOKE PRIVILEGE

Revokes a permission from a role.
Only account_admin or a role owner can revoke a permission to a role.

Syntax

To revoke SELECT on specific columns of a table, use the column-list syntax:
Column-list REVOKE subtracts only from the column-scoped grant. It does not affect table-level SELECT grants. A table-level REVOKE SELECT ON TABLE (without a column list) removes all SELECT on that table, including any column-scoped grants. For more information, see Column-level security.

Parameters

Examples

Revoke MODIFY permission on a database The following code example revokes the MODIFY permission on the db database from the role user_role, preventing it from making changes to the database:
Revoke all permissions on a database The following code example revokes the all permissions on the db database from the role user_role, preventing all operations on it:
Revoke USAGE permissions on all databases in an account The following code example revokes USAGE permissions on all databases in the dev account from the role user_role, preventing it from accessing metadata or using those databases:
Revoke SELECT permission on a specific table The following code example sets the active database to db and revokes user_role’s permission to read data from the my_table table in the public schema.:
Revoke SELECT on specific columns of a table The following code example revokes user_role’s permission to read the email column from my_table, while retaining access to any other granted columns:
For more information, see Column-level security. Revoke SELECT permission on all tables in a schema The following code revokes user_role’s permission to read data from all existing and future tables in the public schema of the db database:
Revoke MODIFY permission on a database while retaining it on all other databases in the dev account The following code example revokes the MODIFY permission on the db database from the role user_role, while keeping it for any other existing and future databases of the account:

REVOKE ROLE

Revokes a role from a user or from another role.

Syntax

Parameters

Examples

Revoke a role from another role The following code example removes the role_name role from role_name_2, revoking access to permissions granted to role_name:
Revoke a role from a user The following command revokes role role_name from user user_name, removing the user’s access to the permissions granted to role_name: