Previous Topic

Next Topic

Embedded Usage

You cannot use host language variables in an embedded Revoke statement.

Previous Topic

Next Topic

Permissions

The revoke statement can be executed by a user who is either the owner of the target object or has been granted permission (using WITH GRANT Option) to use the statement on the specific target object by another user. To revoke database privileges, you must be working in a session that is connected to the iidbdb. If the indicated roles have security audit attributes, the session must also have maintain_audit privilege.

Previous Topic

Next Topic

Locking

The Revoke statement locks pages in the iidbpriv catalog (if revoking database privileges) or iiprotect catalog, plus pages in the system catalogs that correspond to the object type (table, view, database event, or database procedure).

Previous Topic

Next Topic

Related Statements

Create Group

Create Role

Create User

Grant (privilege)

Previous Topic

Next Topic

Examples: Revoke

The following are Revoke statement examples:

  1. Revoke the query_row_limit privilege defined for the role identifier, review_emp, on the employee database.

    revoke query_row_limit on database employee
            from role review_emp;

  2. Prevent any user from granting any form of access to the payroll table (assuming no privileges were granted to specific users, groups, or roles). Delete all dependent grants.

    revoke grant option for all on payroll
            from public cascade;

  3. Prevent user joeb from running the manager bonus database procedure. Fail if joeb has granted execute privilege to other users.

    revoke execute on procedure mgrbonus
            from joeb restrict;

  4. Prevent user harry from selecting rows from the employees table (assuming the same privilege was not granted to public).

    revoke select on employees
            from harry cascade;

  5. Prevent user roger from using role manager.

    revoke manager from roger


© 2007 Ingres Corporation. All rights reserved.