Revoke privileges

This topic describes how to revoke privileges from a user.

Prerequisites

• You must have the privileges to be revoked and the GRANT OPTION privilege. For example, if the test1 user wants to revoke the SELECT privilege on the t1 table from the test2 user, the test1 user must have the SELECT privilege on the t1 table.

• To revoke the ALL PRIVILEGES and GRANT OPTION privileges, you must have the global GRANT OPTION privilege or the UPDATE and DELETE privileges on the table.

Considerations

• When you revoke multiple privileges from a user at a time, separate the privileges with commas (,).

• When you revoke a privilege from multiple users at a time, separate the usernames with commas (,).

• The revocation does not cascade to dependent users. For example, if the test1 user has granted some privileges to the test2 user, when the privileges of the test1 user are revoked, the privileges granted to the test2 user will not be revoked.

Examples

• Revoke global privileges

  To revoke the INSERT and SELECT privileges on all tables in all databases from the test user, execute the following statement:

  obclient> REVOKE SELECT, INSERT ON *.* FROM 'test';
  

• Revoke database-level privileges

  To revoke the INSERT and SELECT privileges on all tables in the db1 database from the test user, execute the following statement:

  obclient> REVOKE SELECT, INSERT ON db1 FROM 'test';
  

• Revoke table-level privileges

  To revoke the INSERT and SELECT privileges on the tb1_name table in the db1 database from the test user, execute the following statement:

  obclient> REVOKE SELECT, INSERT ON db1.tb1_name FROM 'test';
  

• Revoke column-level privileges

  To revoke the SELECT privilege on the c1 column and the INSERT privilege on the c1 and c2 columns of the tb1_name table in the db1 database from the test user, execute the following statement:

  obclient> REVOKE SELECT(c1), INSERT (c1, c2) ON db1.tb1_name FROM test;
  

For more information about the REVOKE statement, see REVOKE.