REVOKE can also be used to revoke an organization role from another organization role or an identity (login or service account).
REVOKE PRIVILEGE
Revokes a permission from a role.Only
org_admin or a role owner can revoke a permission to a role.Syntax
Parameters
| Parameter | Description |
|---|---|
<permission> | The name of the permission to revoke from a role. Permissions that can be revoked vary depending on the object that they apply to. |
<object_type> | The type of the object to revoke permissions from. |
<object_name> | The name of the object to revoke permissions from. |
<role_name> | The name of the role from which the permission will be revoked. |
Examples
RevokeMODIFY permission on an account
The following command revokes the MODIFY permission on the account-1 account from the role account_manager, preventing it from making changes to the account:
MODIFY permissions on all accounts in the organization
The following command revokes MODIFY permissions on all accounts in your organization from the role account_manager, preventing it from making changes to the accounts:
REVOKE ROLE
Revokes an organization role from an identity (login or service account) or from another organization role.Syntax
Parameters
| Parameter | Description |
|---|---|
<role_name> | The name of the role to revoke. |
<login_name> | The name of the login from which to revoke <role_name>. |
<service_account_name> | The name of the service account from which to revoke <role_name>. |
<role_name_2> | The name of the role from which to revoke the role. |
Example
Revoke a role from another role The following command removes therole_name role from role_name_2, revoking access to permissions granted to role_name:
role_name from a login "alexs@acme.com", removing the login’s access to the permissions granted by role_name:
role_name from a service account service_account_name, removing the service account’s access to the permissions granted by role_name: