REVOKE (Role Form) | SQL Data Control Language | Teradata Vantage

SQL Data Control Language

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-07-11

Revokes a role from users or other roles.

ANSI Compliance

This statement is ANSI SQL:2011 compliant.

Required Privileges

To revoke a role, you must have the WITH ADMIN OPTION privilege on it. The following users can revoke role membership:
  • User DBC.
  • A user who was granted the specified role WITH ADMIN OPTION.

    A role is automatically granted to the creator of the role WITH ADMIN OPTION.

  • A user who has an active role to which the specified role was granted WITH ADMIN OPTION. An active role can be either a current role or a nested role of a current role.

The Effects of Revoking A Role

Roles define privileges on database objects. A user who activates a role inherits all the privileges for the role and its nested roles. A user can only activate a role that has been granted to that user.

Users can undergo role changes within their organization. An administrator can revoke a role when users no longer require access to the objects on which the role has privileges. An administrator can also revoke the WITH ADMIN OPTION privilege on a role when users no longer require the privilege to grant the role to users or other roles.

Authorized users can revoke the WITH ADMIN OPTION privilege on a role from the creator of the role.

The effect of revoking a role is immediate. Users who are logged on with the revoked role as the current role or a nested role of the current role lose the privileges that the role defines.

Users who have a default role set to the revoked role do not receive errors or warnings the next time they log on. However, the system does not use the obsolete default role for privilege validation. If the role is again granted to users, the default role again becomes the current role the next time users log on.
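
The following offboarding sequence is an added example, not part of the Teradata documentation. It shows the two revocations described above followed by an audit for obsolete default roles. The role hr_read and the user jsmith are hypothetical, and the view and column names (DBC.RoleMembersV, DBC.UsersV) are assumed to match the standard data dictionary views.

```sql
-- Hypothetical names, constructed for illustration: role hr_read, user jsmith.

-- 1. Remove only the right to grant the role onward; membership is kept.
REVOKE ADMIN OPTION FOR hr_read FROM jsmith;

-- 2. Remove the membership itself. This takes effect immediately, including
--    in sessions where hr_read is the current role or nested in it.
REVOKE hr_read FROM jsmith;

-- 3. List every remaining grantee of the role (users and roles).
--    If a role that jsmith still holds appears here, jsmith keeps the
--    privileges through nesting, so review each row.
--    Assumption: DBC.RoleMembersV exposes these columns.
SELECT RoleName, Grantee, Grantor, WithAdmin, WhenGranted
FROM DBC.RoleMembersV
WHERE RoleName = 'hr_read'
ORDER BY Grantee;

-- 4. Find users whose default role is obsolete: the default role is set,
--    but the role is no longer granted to them. These users log on without
--    errors or warnings, and the setting becomes live again if the role is
--    ever re-granted.
--    Assumption: DBC.UsersV.RoleName holds the default role, with NULL for
--    none and 'ALL' for DEFAULT ROLE = ALL.
SELECT u.UserName,
       u.RoleName AS ObsoleteDefaultRole
FROM DBC.UsersV AS u
LEFT JOIN DBC.RoleMembersV AS m
       ON m.Grantee  = u.UserName
      AND m.RoleName = u.RoleName
WHERE u.RoleName IS NOT NULL
  AND u.RoleName <> 'ALL'
  AND m.RoleName IS NULL
ORDER BY u.UserName;

-- 5. Clear the obsolete default so that a later re-grant does not make the
--    role current again at the next logon without a deliberate decision.
MODIFY USER jsmith AS DEFAULT ROLE = NONE;
```

Running step 4 on a schedule, not only after a revocation, also catches default roles left behind by earlier offboarding.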