REVOKE (Role Form) Statement | SQL Data Control Language | Teradata Vantage

SQL Data Control Language

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2021-07-27
dita:id
B035-1149
lifecycle
previous
Product Category
Teradata® Vantage™ NewSQLEngine

Revokes a role from users or other roles.

ANSI Compliance

This statement is ANSI SQL:2011 compliant.

Required Privileges

To revoke a role, you must have the WITH ADMIN OPTION privilege on it. The following users can revoke role membership:
  • User DBC.
  • A user who was granted the specified role WITH ADMIN OPTION.

    A role is automatically granted to the creator of the role WITH ADMIN OPTION.

  • A user who has an active role to which the specified role was granted WITH ADMIN OPTION. An active role can be either a current role or a nested role of a current role.

The Effects of Revoking A Role

Roles define privileges on database objects. A user who activates a role inherits all the privileges for the role and its nested roles. A user can only activate a role that has been granted to that user.

Users can undergo role changes within their organization. An administrator can revoke a role when users no longer require access to the objects on which the role has privileges. An administrator can also revoke the WITH ADMIN OPTION privilege on a role when users no longer require the privilege to grant the role to users or other roles.

Authorized users can revoke the WITH ADMIN OPTION privilege on a role from the creator of the role.

The effect of revoking a role is immediate. Users who are logged on with the revoked role as the current role or a nested role of the current role lose the privileges that the role defines.

Users who have a default role set to the revoked role do not receive errors or warnings the next time they log on. However, the system does not use the obsolete default role for privilege validation. If the role is again granted to users, the default role again becomes the current role the next time users log on.
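
The following script is an added example, not part of the Teradata documentation. It shows both revocations described above and then audits for default roles left pointing at a revoked role, which would silently become current again if the role were re-granted. The names `hr_read` and `jsmith` are hypothetical, and the queries assume the standard `DBC.RoleMembersV` and `DBC.UsersV` dictionary views with the columns shown.

```sql
-- Added example. hr_read (role) and jsmith (user) are hypothetical names.

-- Option A: keep jsmith's membership in the role, but remove the ability
-- to grant hr_read to other users or roles.
REVOKE ADMIN OPTION FOR hr_read FROM jsmith;

-- Option B: remove the membership itself. The effect is immediate, including
-- for sessions where hr_read is the current role or nested in it.
REVOKE hr_read FROM jsmith;

-- Verify: list the remaining direct grantees of the role and whether
-- any of them still hold WITH ADMIN OPTION.
SELECT RoleName, Grantee, WithAdmin, DefaultRole
FROM DBC.RoleMembersV
WHERE RoleName = 'hr_read'
ORDER BY Grantee;

-- Audit: users whose default role is no longer granted to them.
-- These users log on without errors or warnings, and the stale default
-- becomes the current role again if the role is ever re-granted.
-- Assumptions: UsersV.RoleName holds the default role name, and the
-- value 'ALL' (DEFAULT ROLE = ALL) is not a single role to match on.
SELECT u.UserName,
       u.RoleName AS StaleDefaultRole
FROM DBC.UsersV u
WHERE u.RoleName IS NOT NULL
  AND u.RoleName <> 'ALL'
  AND NOT EXISTS (
        SELECT 1
        FROM DBC.RoleMembersV m
        WHERE m.Grantee  = u.UserName
          AND m.RoleName = u.RoleName
      )
ORDER BY u.UserName;

-- Remediate: clear the stale default so that a later re-grant does not
-- automatically reactivate the role at the user's next logon.
MODIFY USER jsmith AS DEFAULT ROLE = NULL;
```

Run the audit query after any bulk role cleanup; a non-empty result identifies accounts where a future GRANT would restore privileges at next logon without further action by the user.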