Sign inTry Free

REVOKE

On this page

Revoke privileges from a SingleStore user or role.

Syntax

REVOKE priv_type [, priv_type] ... ON priv_level
    FROM user_or_role [, user_or_role [ ... ]] ...

priv_level:
    *
  | *.*
  | database.*

user_or_role:
  user [, user]
  | role

user:
  'user_name'[@'host_name']

role:
  ROLE 'role_name'

priv_type:
    SELECT
  | INSERT
  | UPDATE
  | DELETE
  | CREATE
  | DROP
  | RELOAD
  | PROCESS
  | FILE READ
  | FILE WRITE
  | GRANT OPTION
  | INDEX
  | ALTER
  | SHOW METADATA
  | SUPER
  | CREATE TEMPORARY TABLES
  | LOCK TABLES
  | REPLICATION
  | CREATE VIEW
  | SHOW VIEW
  | CREATE USER
  | CLUSTER
  | ALTER VIEW
  | DROP VIEW
  | BACKUP
  | CREATE DATABASE
  | DROP DATABASE

REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM user_or_role [, user_or_role] ...

Remarks

  • priv_level - privilege level

  • priv_type - privilege type

  • user_or_role: One or more user attributes or a role attribute. The @'host_name' part is optional. If a hostname is not specified, @'%' will be appended to the user string. For example, 'demo-user' is equivalent to 'demo-user'@'%'.The '%' wildcard matches any hostname. user and host_name need not be quoted if they are legal as unquoted identifiers. Quotes must be used if a host_name string contains wildcard characters (such as %), or a user string contains special characters (such as space or -) or is a restricted keyword.

  • This command can be run on any SingleStore node.

  • This command causes implicit commits. Refer to COMMIT for more information.

  • GRANT OPTION must be revoked separately from any other privileges.

  • The REVOKE command holds a global lock on the cluster until the processing of the command is completed. See Cluster Level Locks for more info.

  • A user is granted the USAGE privilege by default. This privilege cannot be removed by using REVOKE [ALL]. The USAGEprivilege is automatically removed when the user is dropped.

  • Refer to the Permission Matrix for the required permissions.

Examples

REVOKE INSERT ON *.* FROM 'user';


REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user';


REVOKE SELECT ON dbTable FROM ROLE 'r1';

Related Topics

Last modified: February 1, 2024

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK