REVOKE (workload privileges) statement

This form of the REVOKE statement revokes the USAGE privilege on a workload.

Invocation

This statement can be embedded in an application program or issued through the use of dynamic SQL statements. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is in effect for the package (SQLSTATE 42509).

Authorization

The privileges held by the authorization ID of the statement must include ACCESSCTRL, SECADM, or WLMADM authority.

Syntax

Read syntax diagramSkip visual syntax diagramREVOKE USAGEONWORKLOADworkload-name FROM,USERGROUPROLEauthorization-namePUBLICBY ALL

Description

USAGE
Revokes the privilege to use a workload.
ON WORKLOAD workload-name
Identifies the workload on which the USAGE privilege is to be revoked. This is a one-part name. The workload-name must identify a workload that exists at the current server (SQLSTATE 42704). The name cannot be 'SYSDEFAULTADMWORKLOAD' (SQLSTATE 42832).
FROM
Specifies from whom the USAGE privilege is revoked.
USER
Specifies that the authorization-name identifies a user.
GROUP
Specifies that the authorization-name identifies a group.
ROLE
Specifies that the authorization-name identifies an existing role at the current server (SQLSTATE 42704).
authorization-name,...
Lists the authorization IDs of one or more users, groups, or roles. The list of authorization IDs cannot include the authorization ID of the user issuing the statement (SQLSTATE 42502).
PUBLIC
Revokes the USAGE privilege from PUBLIC.
BY ALL
Revokes the USAGE privilege from all named users who were explicitly granted that privilege, regardless of who granted it. This is the default behavior.

Rules

  • For each authorization-name specified, if none of the keywords USER, GROUP, or ROLE is specified, then for all rows for the specified object in the SYSCAT.WORKLOADAUTH catalog view where the grantee is authorization-name:
    • If GRANTEETYPE is 'U', USER is assumed.
    • If GRANTEETYPE is 'G', GROUP is assumed.
    • If GRANTEETYPE is 'R', ROLE is assumed.
    • If GRANTEETYPE does not have the same value, an error is returned (SQLSTATE 56092.

Notes

  • The REVOKE statement does not take effect until it is committed, even for the connection that issues the statement.

Example

Revoke the privilege to use the workload CAMPAIGN from user LISA.
   REVOKE USAGE ON WORKLOAD CAMPAIGN FROM USER LISA