The REVOKE statement removes authorization granted by a GRANT statement.
The syntax of the REVOKE statement is:
REVOKE operation-list ON tablename FROM user-list
- Lists one or more of the following, separated by commas: ALTER, DELETE, INSERT, SELECT, UPDATE. Use ALL to revoke all privileges at once.
- Names the table or view for which the authorization is revoked.
- Lists each user ID with commas between them. PUBLIC can be specified in place of user-list. The use of PUBLIC does not revoke a privilege from any user ID for which authorization was specifically granted; such a privilege must also be specifically revoked.
REVOKE and GRANT are similar, with the following exceptions:
- With REVOKE, you cannot specify a column list after UPDATE. UPDATE
revokes the authorization to update any column. To revoke authorization
to update specific columns and allow it to remain for others:
- Revoke the authorization to update any column.
- Grant the authorization to update a specific list of columns.
- If you grant a privilege to JONES, who then grants it to JACOBS, and you revoke the privilege from JONES, that privilege is also revoked from JACOBS.
The following statement revokes from JACOBS the authorization to write SELECT queries using the PERS table:
REVOKE SELECT ON PERS FROM JACOBS
The following statement revokes from user HSAM4419 the privilege to update any column in the PERS table:
REVOKE UPDATE ON PERS FROM HSAM4419