SQL Command and Function Reference - DBMaker Online / Manuals

REVOKE (Security Privileges)

Revokes privileges granted on a database from a user.

SYNTAX

user_name

Name of the user you want to remove from the group.

DESCRIPTION

The REVOKE (security privileges) command removes a user from a database or changes the security privileges of a user. To execute the REVOKE (security privileges) command, you must have SYSADM security privileges.

The SYSADM can revoke DBA, RESOURCE, and CONNECT security privileges from a user. Revoking CONNECT security privilege effectively removes a user ID from the database. Once a user ID is removed, that user can no longer connect to the database. Revoking lower security privileges does not implicitly revoke higher ones as well, with the exception of the CONNECT security privilege; revoking the CONNECT security privilege revokes all higher security privileges as well. Only the SYSADM may revoke security privileges from other users.

DBA security privilege has all same capabilities as RESOURCE security privilege, but may additionally create tablespaces and files. Users with DBA security privileges can also grant or revoke object privileges for schema objects owned by other users (except for system schema objects).

RESOURCE security privilege allows a user to create, alter, and drop tables, domains, and indexes. As the owner of any objects they create, users with RESOURCE security privileges may grant and revoke object privileges to other users and create synonyms and views for any objects they own.

CONNECT security privilege is necessary before a user can connect to a database. Once a user is granted CONNECT security privilege they have been added to the database as a user. All users must be granted CONNECT security privilege before they can be granted any other security privileges. A user with CONNECT security privileges may create temporary tables in a database, or perform queries on any data to which they have explicitly been granted permission.

User names and passwords have a maximum length of eight characters, and may contain letters, numbers, the underscore character, and the symbols $ and #. The first character may not be a number.

EXAMPLES

The following example revokes DBA security privilege from the users named vivian and jenny.

REVOKE DBA FROM vivian, jenny

The following example revokes RESOURCE security privilege from the users named vivian and jenny. Revoking RESOURCE security privilege does not revoke DBA security privilege as well. You must explicitly revoke DBA security privilege as well as RESOURCE security privilege to remove both.

REVOKE RESOURCE FROM vivian, jenny

The following example revokes CONNECT security privilege from the users named vivian and jenny. Revoking CONNECT security privilege removes the user from the database and automatically revokes RESOURCE and DBA security privileges as well.

REVOKE CONNECT FROM vivian, jenny

RELATED COMMANDS

GRANT (Execute Privileges)

GRANT (Object Privileges)

GRANT (Security Privileges)

REVOKE (Execute Privileges)

REVOKE (Object Privileges)

< REVOKE (Object Privileges) | Contents | ROLLBACK >