REVOKE
Use the REVOKE command to revoke privileges from a user or group, or to revoke the ability of a user or group to grant privileges to other users.
Use the \dp slash command to obtain information about privileges on existing objects. For more information about slash commands, see the IBM® Netezza® System Administrator’s Guide.
Syntax
REVOKE [ GRANT OPTION FOR ] <object_privilege>[,<object_privilege>…]
ON [ <object>[,<object>…] [ TYPE <type> ] | <type>[,<type>…] ]
FROM { PUBLIC | GROUP <groupname> | <username> }
REVOKE [ GRANT OPTION FOR ] <admin_privilege>[,<admin_privilege>…]
[ IN <scope> ] FROM { PUBLIC | GROUP <groupname> | <username> }
Inputs
Input | Description |
---|---|
GRANT OPTION FOR | Do not revoke the specified privileges, but revoke only the users' ability to grant those privileges to other users. |
<object_privilege> | One of the object privileges listed in Table 1. |
<object> | The name of the object or object class for which the object
privilege is to be revoked. The name can be a qualified with the schema
name or the database and schema names: The
default database and schema are the current database and schema. If
the privilege is to apply to all databases or schemas, specify ALL
in place of the database or schema name.The object can be of, or the object class can be, one of the types listed in Table 1: To revoke privileges on system tables, specify the SYSTEM TABLE object. |
TYPE | Specify this parameter when the type of specified objects is or might be ambiguous. It can be one of the types listed for <object>. |
<admin_privilege> | One the administration privileges listed in Table 1: |
<scope> | The scope of the administrative privileges:
|
PUBLIC | The privileges are to be revoked from the Public group. The Public group is a group of which all users are members, including users whose accounts are created later. |
<groupname> | The user group from which the privileges are to be revoked. A user who is a member of this user group loses all privileges that were not also granted to the user directly or by means of another user group. |
<username> | The user from whom the privileges are to be revoked. Privileges that are granted by means of a user group cannot be revoked from an individual member of the group. Instead, remove the user from the group and adjust the user's privileges as needed; for example, by creating a new group with the appropriate privileges and adding the user to that group. |
Output
Output | Description |
---|---|
REVOKE | The command was successful. |
Privileges
You must be the admin user, the owner of the user account or group from which you are revoking privileges, or your account must have List and Alter privileges for the user or group, or for the User or Group object class.
Usage
- Revoke the Insert privilege from the Public group for the table
films
:MYDB.SCH1(USER)=> REVOKE Insert ON films FROM PUBLIC;