REVOKE
Revoke privileges from a SingleStoreDB user or role.
Syntax
REVOKE priv_type [, priv_type] ... ON priv_level FROM user_or_role [, user_or_role [ ... ]] ... priv_level: * | *.* | database.* user_or_role: user [, user] | role user: 'user_name'[@'host_name'] role: ROLE 'role_name' priv_type: SELECT | INSERT | UPDATE | DELETE | CREATE | DROP | RELOAD | PROCESS | FILE READ | FILE WRITE | GRANT OPTION | INDEX | ALTER | SHOW METADATA | SUPER | CREATE TEMPORARY TABLES | LOCK TABLES | REPLICATION | CREATE VIEW | SHOW VIEW | CREATE USER | CLUSTER | ALTER VIEW | DROP VIEW | BACKUP | CREATE DATABASE | DROP DATABASE REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_or_role [, user_or_role] ...
Remarks
priv_level
- privilege levelpriv_type
- privilege typeuser_or_role
: One or more user attributes or a role attribute. The@'host_name'
part is optional. If a hostname is not specified,@'%'
will be appended to the user string. For example,'demo-user'
is equivalent to'demo-user'@'%'
.The'%'
wildcard matches any hostname.user
andhost_name
need not be quoted if they are legal as unquoted identifiers. Quotes must be used if ahost_name
string contains wildcard characters (such as%
), or a user string contains special characters (such as space or-
) or is a restricted keyword.This command can be run on any SingleStoreDB node.
This command causes implicit commits. See COMMIT for more information.
GRANT OPTION
must be revoked separately from any other privileges.The
REVOKE
command holds a global lock on the cluster until the processing of the command is completed. See Cluster Level Locks for more info.See the Permission Matrix for the required permission.
Examples
REVOKE INSERT ON *.* FROM 'user'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'; REVOKE SELECT ON dbTable FROM ROLE 'r1';
Related Topics