Use the REVOKE command to revoke privileges from a user or group, or to revoke the ability of a user or group to grant privileges to other users.

Use the \dp slash command to obtain information about privileges on existing objects. For more information about slash commands, see the IBM® Netezza® System Administrator’s Guide.


Syntax for revoking an object privilege:
REVOKE [ GRANT OPTION FOR ] <object_privilege>[,<object_privilege>…]
ON [ <object>[,<object>…] [ TYPE <type> ] | <type>[,<type>…] ]
FROM { PUBLIC | GROUP <groupname> | <username> }
Syntax for granting an administration privilege:
REVOKE [ GRANT OPTION FOR ] <admin_privilege>[,<admin_privilege>…]
[ IN <scope> ] FROM { PUBLIC | GROUP <groupname> | <username> }


The REVOKE command takes the following inputs:
Table 1. REVOKE inputs
Input Description
GRANT OPTION FOR Do not revoke the specified privileges, but revoke only the users' ability to grant those privileges to other users.
<object_privilege> One of the object privileges listed in Table 1.
<object> The name of the object or object class for which the object privilege is to be revoked. The name can be a qualified with the schema name or the database and schema names:
The default database and schema are the current database and schema. If the privilege is to apply to all databases or schemas, specify ALL in place of the database or schema name.

The object can be of, or the object class can be, one of the types listed in Table 1:

To revoke privileges on system tables, specify the SYSTEM TABLE object.

TYPE Specify this parameter when the type of specified objects is or might be ambiguous. It can be one of the types listed for <object>.
<admin_privilege> One the administration privileges listed in Table 1:
<scope> The scope of the administrative privileges:
A specific schema in the current database
A specific database and schema.
All schemas in a database.
All schemas in all databases.
PUBLIC The privileges are to be revoked from the Public group. The Public group is a group of which all users are members, including users whose accounts are created later.
<groupname> The user group from which the privileges are to be revoked. A user who is a member of this user group loses all privileges that were not also granted to the user directly or by means of another user group.
<username> The user from whom the privileges are to be revoked. Privileges that are granted by means of a user group cannot be revoked from an individual member of the group. Instead, remove the user from the group and adjust the user's privileges as needed; for example, by creating a new group with the appropriate privileges and adding the user to that group.


The REVOKE command has the following output:
Table 2. REVOKE output
Output Description
REVOKE The command was successful.


You must be the admin user, the owner of the user account or group from which you are revoking privileges, or your account must have List and Alter privileges for the user or group, or for the User or Group object class.


The following provides sample usage.
  • Revoke the Insert privilege from the Public group for the table films: