Red Hat Database: SQL Guide and Reference
PrevNext

REVOKE

Name

REVOKE  --  Revokes access privilege from a specific user, a group of users, or all users.

Synopsis

REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
    ON [ TABLE ] object [, ...]
    FROM { username | GROUP groupname | PUBLIC } [, ...]

Inputs

privilege

The possible privileges are:

SELECT

Privilege to access all of the columns of a specific table/view.

INSERT

Privilege to insert data into all columns of a specific table.

UPDATE

Privilege to update all columns of a specific table.

DELETE

Privilege to delete rows from a specific table.

RULE

Privilege to define rules on table/view.

ALL

Rescind all privileges.

object

The name of an object from which to revoke access. The possible objects are table, view, and sequence.

group

The name of a group from whom to revoke privileges.

username

The name of a user from whom revoke privileges. Use the PUBLIC keyword to specify all users.

PUBLIC

Rescind the specified privilege(s) for all users.

Outputs

CHANGE

Message returned if REVOKE was performed successfully.

ERROR

Message returned if object is not available or if it is impossible to revoke privileges from a group or users.

Description

REVOKE allows the creator of an object to revoke previously granted permissions from one or more users or groups of users. The key word PUBLIC refers to the implicitly defined group of all users.

Note that any particular user will have the sum of privileges granted directly to him, privileges granted to any group he is presently a member of, and privileges granted to PUBLIC. Thus, for example, revoking SELECT privilege from PUBLIC does not necessarily mean that all users have lost SELECT privilege on the object: those who have it granted directly or via a group will still have it.

See the description of the GRANT command for the meaning of the privilege types.

Notes

Refer to the psql \z command for further information about permissions on existing objects.

Usage

Revoke insert privilege from all users on table films: 
REVOKE INSERT ON films FROM PUBLIC;

Revoke all privileges from user manuel on view kinds: 
  
REVOKE ALL ON kinds FROM manuel;

Compatibility

SQL92

The compatibility notes of the GRANT command apply analogously to REVOKE. The syntax summary is: 
REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
    ON object [ ( column [, ...] ) ]
    FROM { PUBLIC | username [, ...] }
    { RESTRICT | CASCADE }

If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3 then user1 can revoke this privilege in cascade using the CASCADE keyword. If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3, then if user1 tries to revoke this privilege it fails if he specifies the RESTRICT keyword.

PrevHomeNext
RESETUpROLLBACK