REVOKE

Revokes permissions from a role. Can also be used to revoke a role from another role or a user.

For more information, see Role-based access control.

Syntax

REVOKE <privilege> ON <object_type> <object_name> FROM <role_name>

or

REVOKE ROLE <role_name> FROM { USER <user_name> | ROLE <role2_name> }

Parameters

Parameter Description
<permission> The name of the permission to revoke from a role. Permissions that can be revoked depend on the object they are revoked from - for a full list see Permissions.
<object_type> The object to revoke permissions from - either DATABASE or ENGINE.
<object_name> The name of the database or engine to revoke permissions from.
<role_name> The name of the role.
<user_name> The name of the user from whom to revoke the role.
<role2_name> The name of the role from whom to revoke the role.

Example

The following command will revoke MODIFY permissions on the database “my_db” from the role “user_role”.

REVOKE MODIFY ON DATABASE my_db FROM user_role;

Example 2

The following command will revoke USAGE permissions on all databases in the account “dev” from the role “user_role”.

REVOKE USAGE ANY DATABASE ON ACCOUNT dev FROM user_role;