Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.firebolt.io/llms.txt

Use this file to discover all available pages before exploring further.

Revokes permissions from an organization role. REVOKE can also be used to revoke an organization role from another organization role or an identity (login or service account).

REVOKE PRIVILEGE

Revokes a permission from a role.
Only org_admin or a role owner can revoke a permission to a role.

Syntax

REVOKE <permission> ON <object_type> <object_name> FROM ORGANIZATION ROLE <role_name>

Parameters

ParameterDescription
<permission>The name of the permission to revoke from a role. Permissions that can be revoked vary depending on the object that they apply to.
<object_type>The type of the object to revoke permissions from.
<object_name>The name of the object to revoke permissions from.
<role_name>The name of the role from which the permission will be revoked.

Examples

Revoke MODIFY permission on an account The following command revokes the MODIFY permission on the account-1 account from the role account_manager, preventing it from making changes to the account: 
REVOKE MODIFY ON ACCOUNT "account-1" FROM ORGANIZATION ROLE "account_manager"
Revoke MODIFY permissions on all accounts in the organization The following command revokes MODIFY permissions on all accounts in your organization from the role account_manager, preventing it from making changes to the accounts: 
REVOKE MODIFY ANY ACCOUNT ON ORGANIZATION "acme" FROM ORGANIZATION ROLE "account_manager"

REVOKE ROLE

Revokes an organization role from an identity (login or service account) or from another organization role.

Syntax

REVOKE ORGANIZATION ROLE <role_name> FROM { LOGIN <login_name> | SERVICE ACCOUNT <service_account_name> | ORGANIZATION ROLE <role_name_2> }

Parameters

ParameterDescription
<role_name>The name of the role to revoke.
<login_name>The name of the login from which to revoke <role_name>.
<service_account_name>The name of the service account from which to revoke <role_name>.
<role_name_2>The name of the role from which to revoke the role.

Example

Revoke a role from another role The following command removes the role_name role from role_name_2, revoking access to permissions granted to role_name: 
REVOKE ORGANIZATION ROLE role_name FROM ORGANIZATION ROLE role_name_2
Revoke a role from a login The following command revokes role role_name from a login "alexs@acme.com", removing the login’s access to the permissions granted by role_name: 
REVOKE ORGANIZATION ROLE role_name FROM LOGIN "alexs@acme.com"
Revoke a role from a service account The following command revokes role role_name from a service account service_account_name, removing the service account’s access to the permissions granted by role_name: 
REVOKE ORGANIZATION ROLE role_name FROM SERVICE ACCOUNT "service_account_name"