# REVOKE Revoke privileges from a SingleStore Helios user or role. ## Syntax ``` REVOKE priv_type [, priv_type] ... ON priv_level FROM user_or_role [, user_or_role [ ... ]] ... priv_level: * | *.* | database.* user_or_role: user [, user] | role user: 'user_name'[@'host_name'] role: ROLE 'role_name' priv_type: SELECT | INSERT | UPDATE | DELETE | CREATE | DROP | RELOAD | PROCESS | FILE READ | FILE WRITE | GRANT OPTION | INDEX | ALTER | SHOW METADATA | CREATE TEMPORARY TABLES | LOCK TABLES | REPLICATION | CREATE VIEW | SHOW VIEW | CREATE USER | CLUSTER | ALTER VIEW | DROP VIEW | BACKUP | CREATE DATABASE | DROP DATABASE REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_or_role [, user_or_role] ... ``` ## Remarks * `priv_level` - privilege level * `priv_type` - privilege type * `user_or_role`: One or more user attributes or a role attribute. The `@'host_name'` part is optional. If a hostname is not specified, `@'%'` will be appended to the user string. For example, `'demo-user'` is equivalent to `'demo-user'@'%'`.The `'%'` wildcard matches *any* hostname. `user` and `host_name` need not be quoted if they are legal as unquoted identifiers. Quotes must be used if a `host_name` string contains wildcard characters (such as `%`), or a user string contains special characters (such as space or `-`) or is a [restricted keyword](https://docs.singlestore.com/cloud/reference/sql-reference/restricted-keywords.md). * This command can be run on any SingleStore Helios node. * This command causes implicit commits. Refer to [COMMIT](https://docs.singlestore.com/cloud/reference/sql-reference/data-manipulation-language-dml/commit.md) for more information. * `GRANT OPTION` must be revoked separately from any other privileges. * The `REVOKE` command holds a global lock on the cluster until the processing of the command is completed. See [Workspace Level Locks](https://docs.singlestore.com/cloud/reference/sql-reference/operations-that-take-either-a-database-or-a-workspace-level-lock/workspace-level-locks.md) for more info. * A user is granted the `USAGE` privilege by default. This privilege cannot be removed by using `REVOKE [ALL]`. The `USAGE`privilege is automatically removed when the user is dropped. * Refer to the [Permissions Matrix](https://docs.singlestore.com/cloud/reference/sql-reference/security-management-commands/permissions-matrix.md) for the required permissions. ## Examples ```sql REVOKE INSERT ON *.* FROM 'user'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'; REVOKE SELECT ON dbTable FROM ROLE 'r1'; ``` **Related Topics** * [REVOKE GROUP](https://docs.singlestore.com/cloud/reference/sql-reference/security-management-commands/revoke-group.md) * [REVOKE ROLE](https://docs.singlestore.com/cloud/reference/sql-reference/security-management-commands/revoke-role.md) *** Modified at: November 18, 2025 Source: [/cloud/reference/sql-reference/security-management-commands/revoke/](https://docs.singlestore.com/cloud/reference/sql-reference/security-management-commands/revoke/) (An index of the documentation is available at /llms.txt)