REVOKE (XML schema privileges)
This form of the REVOKE statement removes the privileges on an XSR object.
Invocation
This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.
Authorization
The privileges held by the authorization ID of the statement must include at least one of the following:
- For each XSR object identified in the statement:
- Every privilege specified in the statement
- The system authority of *OBJMGT on the XSR object
- The system authority *EXECUTE on the library containing the XSR object
- Database administrator authority
- Security administrator authority
Syntax
Description
- ALL or ALL PRIVILEGES
- Revokes one
or more XSR object privileges from each authorization-name.
The privileges revoked are those privileges on the identified XSR
objects that were granted to the authorization-names. Note
that revoking ALL PRIVILEGES on an XSR object is not the same as revoking
the system authority of *ALL.
If you do not use ALL, you must use one or more of the keywords listed below. Each keyword revokes the privilege described.
- ALTER
- Revokes the privilege to use the COMMENT and LABEL statements.
- USAGE
- Revokes the privilege to use an XSR object.
- ON XSROBJECT xsrobject-name
- Identifies the XSR objects for which the privilege is revoked. The xsrobject-name must identify an XSR object that exists at the current server.
- FROM
- Identifies from whom the privileges
are revoked.
- USER
- Specifies that the authorization-name identifies a user profile. If USER is specified, authorization-name must be a user profile.
- GROUP
- Specifies that the authorization-name identifies a group profile. If GROUP is specified, authorization-name must be a group profile.
- authorization-name,…
- Lists one or more authorization IDs. Do not specify the same authorization-name more than once.
- PUBLIC
- Revokes a grant of the privilege to PUBLIC. For more information, see Authorization, privileges and object ownership.
Notes
Multiple grants: If you revoke a privilege on an XSR object, it nullifies any grant of the privilege on that XSR object, regardless of who granted it.
Revoking WITH GRANT OPTION: The only way to revoke the WITH GRANT OPTION is to revoke ALL.
Privilege warning: Revoking a specific privilege from a user does not necessarily prevent that user from performing an action that requires that privilege. For example, the user may still have the privilege through PUBLIC privileges or database administrator authority.
Corresponding system authorities: When an XSR object privilege is revoked, the corresponding system authorities are revoked. For information about the system authorities that correspond to SQL privileges see GRANT (XML schema privileges).
Example
Revoke the USAGE privilege on XSR object XMLSCHEMA from PUBLIC.
REVOKE USAGE
ON XSRSOBJECT XMLSCHEMA
FROM PUBLIC