-556   revoke-target CANNOT HAVE THE privilege PRIVILEGE object-name REVOKED BY revoker-id BECAUSE THE REVOKEE DOES NOT POSSESS THE PRIVILEGE OR THE REVOKER DID NOT MAKE THE GRANT

The REVOKE statement was not successful.

revoke-target

The authorization ID that the revoke attempt was made against.

privilege

The name of the privilege that was to be revoked.

object-name

The name of the object that the privilege applies to.

revoker-id

The authorization ID that attempted to revoke the privilege.

A failed revocation attempt is commonly caused by one or more of the following conditions:

• The authorization ID that was the target of the REVOKE statement, revoke-target, does not possess the privilege that was to be revoked.
• The revoking authorization ID, revoker-id, did not explicitly grant the privilege to revoke-target. An authorization ID can revoke only the privileges that it has explicitly granted to other authorization IDs, unless the authorization ID has SECADM or ACCESSCTRL authority and specifies the BY clause.
• The authorization ID revoke-target is the owner of the specified object. No authorization ID, not even SECADM, can revoke privileges on an object from the object owner.
• If privilege is "***": The keyword ALL was used in the REVOKE statement, but revoke-target did not possess any privilege to revoke.
• If revoker-id is "ALL": The BY ALL clause was used in the REVOKE statement, but revoke-target did not possess any privilege to revoke.
• If revoker-id holds SECADM or ACCESSCTRL authority: The BY clause might have been omitted from the REVOKE statement.