Entering content frame

REVOKE Statement (revoke_statement) 

The REVOKE statement revokes privileges.

Syntax

<revoke_statement> ::= REVOKE <priv_spec>,... FROM <grantee>,... [<cascade_option>]
| REVOKE EXECUTE ON <dbproc_name> FROM <grantee>,...
| REVOKE SELECT ON <sequence_name> FROM <grantee>,... [<cascade_option>]

priv_spec, grantee, cascade_option, dbproc_name, sequence_name

Explanation

The owner of a table can revoke the privileges granted for this table from any user.

If a user is not the owner of the table, he may only revoke the privileges he has granted.

If the SELECT privilege was granted for a table without specifying any column names, REVOKE SELECT (<column name>,...) can be used to revoke the SELECT privilege (see privilege type) for the specified columns. The SELECT privilege for table columns that have not been specified remains unchanged. The same is true for the UPDATE, REFERENCES, and SELUPD privileges.

The REVOKE statement can cascade; that is, revoking a privilege from one user can result in this privilege being revoked from other users who have received the privilege from the user in question.

Let U1, U2, and U3 be users.
U1 grants U2 the privilege set P WITH GRANT OPTION.
U1 grants U3 the privilege set P' (P'<=P).

If U1 revokes the privilege set P'' (P''<=P) from user U2, the privilege set (P'*P'') is revoked implicitly from user U3.

·        Whenever the SELECT privilege is revoked from the owner of a view table for a selected that does not occur in the table_expression of the view definition (CREATE VIEW statement), the column defined by select_column is dropped from the view table.
If this view table is used in the FROM clause of another view table, the described procedure is applied recursively to this view table.

·        If the SELECT privilege is revoked from the owner of a view table for a column or table occurring in the table_expression of the view definition, the view table is dropped, along with all view tables, privileges, and synonyms that are dependent on this view table, if no CASCADE option or the cascade option CASCADE is specified. The REVOKE statement will fail if the CASCADE option RESTRICT is specified.

REVOKE EXECUTE

If REVOKE EXECUTE is specified, the authorization to execute the database procedure is revoked from the user identified by grantee. The authorization for execution can only be revoked by the owner of the database procedure.

 

Leaving content frame