Revoke privileges

This topic describes how to revoke privileges from a user.

Prerequisites

• When you revoke an object privilege, you must have the privilege to be revoked. For example, for the test1 user to revoke the SELECT privilege on the t1 table from the test2 user, the test1 user must have the SELECT privilege on the t1 table. In addition, you must have the GRANT OPTION or GRANT ANY OBJECT PRIVILEGE privilege.

• When you revoke a system privilege or a role, you must have the privilege or role to be revoked and have the GRANT OPTION, GRANT ANY PRIVILEGE, or GRANT ANY ROLE privilege.

• To revoke the ALL PRIVILEGES and GRANT OPTION privileges, you must have the global GRANT OPTION privilege or the UPDATE and DELETE privileges on the table.

For information about how to view your privileges, see View user privileges. If you do not have the required privileges, contact the administrator to obtain the privileges.

Considerations

• When you revoke multiple privileges from a user, the privileges must be separated with commas (,).

• When you revoke privileges from multiple users, the usernames must be separated with commas (,).

• If GRANT OPTION is not specified when you grant privileges to a user, privilege revocation does not extend to dependent users. For example, if the test1 user has granted some privileges to the test2 user, when the privileges of the test1 user are revoked, the privileges granted to the test2 user will not be revoked.

Examples

• Revoke system privileges

  Revoke the CREATE SEQUENCE privilege of the test user.

  obclient> REVOKE CREATE SEQUENCE FROM test;
  

• Revoke object privileges

  Revoke the SELECT and UPDATE privileges on the emp_view view from the test user.

  obclient> REVOKE ALL PRIVILEGES FROM user_name;
  

For more information about the REVOKE statement, see REVOKE.