REVOKE can also be used to revoke a role from another role or a user.
For more information, see Role-based access control.
REVOKE PRIVILEGE
Revokes a permission from a role.Only account_admin or a role owner can revoke a permission to a role.
Syntax
SELECT on specific columns of a table, use the column-list syntax:
REVOKE subtracts only from the column-scoped grant. It does not affect table-level SELECT grants. A table-level REVOKE SELECT ON TABLE (without a column list) removes all SELECT on that table, including any column-scoped grants. For more information, see Column-level security.
Parameters
Examples
RevokeMODIFY permission on a database
The following code example revokes the MODIFY permission on the db database from the role user_role, preventing it from making changes to the database:
db database from the role user_role, preventing all operations on it:
USAGE permissions on all databases in an account
The following code example revokes USAGE permissions on all databases in the dev account from the role user_role, preventing it from accessing metadata or using those databases:
SELECT permission on a specific table
The following code example sets the active database to db and revokes user_role’s permission to read data from the my_table table in the public schema.:
SELECT on specific columns of a table
The following code example revokes user_role’s permission to read the email column from my_table, while retaining access to any other granted columns:
SELECT permission on all tables in a schema
The following code revokes user_role’s permission to read data from all existing and future tables in the public schema of the db database:
MODIFY permission on a database while retaining it on all other databases in the dev account
The following code example revokes the MODIFY permission on the db database from the role user_role, while keeping it for any other existing and future databases of the account:
REVOKE ROLE
Revokes a role from a user or from another role.Syntax
Parameters
Examples
Revoke a role from another role The following code example removes therole_name role from role_name_2, revoking access to permissions granted to role_name:
role_name from user user_name, removing the user’s access to the permissions granted to role_name: