REVOKE [ GRANT OPTION FOR ] { { ALL [ PRIVILEGES ] | [ ALL BUT ] privilege [,...] } ON object | map_privilege [,...] | role_privilege [,...] | profile_privilege [,...] | zone_privilege [,...] } { TO | FROM } { user_revokee [,...] | PUBLIC | role_revokee [,...] } [;]
- object
{ { database_name | user_name | role_name | PUBLIC } | { database_name. | user_name. } object_name | object_name | PROCEDURE [ database_name. | user_name. ] procedure_name | SPECIFIC FUNCTION [ database_name. | user_name. ] specific_function_name | FUNCTION [ database_name. | user_name. ] function_name ( [ function_parameter [,...] ] ) | TYPE [SYSUDTLIB.] UDT_name }
- user_revokee
[ALL] user_name
- role_revokee
[ database_name. | user_name. ] role_name
- function_parameter
[ parameter_name ] data_type
- data_type
{ INTEGER | SMALLINT | BIGINT | BYTEINT | DATE | { TIME | TIMESTAMP } [ (fractional_seconds_precision) ] [WITH TIME ZONE] | INTERVAL YEAR [(precision)] [TO MONTH] | INTERVAL MONTH [(precision)] | INTERVAL DAY [(precision)] [TO { HOUR | MINUTE | SECOND [(fractional_seconds_precision)] }] | INTERVAL HOUR [(precision)] [TO { MINUTE | SECOND [(fractional_seconds_precision)] }] | INTERVAL MINUTE [(precision)] [TO SECOND [(fractional_seconds_precision)]] | INTERVAL SECOND [ (precision [, fractional_seconds_precision ] ) | PERIOD (DATE) | PERIOD ( { TIME | TIMESTAMP } [(precision)] [WITH TIME ZONE] ) | REAL | DOUBLE PRECISION | FLOAT [ (integer) ] | NUMBER [ ( { integer | * } [, integer]... ) ] | { DECIMAL | NUMERIC } [ ( integer [, integer]... ) ] | { CHAR | BYTE | GRAPHIC } [ (integer) ] | { VARCHAR | CHAR VARYING | VARBYTE | VARGRAPHIC } [ (integer) ] | LONG VARCHAR | LONG VARGRAPHIC | { BINARY LARGE OBJECT | BLOB | CHARACTER LARGE OBJECT | CLOB } ( integer [ G | K | M ] ) | [SYSUDTLIB.] { XML | XMLTYPE } [ ( integer [ G | K | M ] ) ] [ INLINE LENGTH integer ] | [SYSUDTLIB.] JSON [ ( integer [ K | M ] ) ] [ INLINE LENGTH integer ] [ CHARACTER SET { UNICODE | LATIN } | STORAGE FORMAT { BSON | UBJSON } ] | [SYSUDTLIB.] ST_GEOMETRY [ (integer [ K | M ]) ] [ INLINE LENGTH integer ] | [SYSUDTLIB.] DATASET [ (integer [ K | M ]) ] [ INLINE LENGTH integer ] [storage_format] | [SYSUDTLIB.] { UDT_name | MBR | ARRAY_name | VARRAY_name } }
Syntax Elements
- GRANT OPTION FOR
- Only the WITH GRANT OPTION authority is removed from the specified privilege set for the specified grantees for the corresponding explicit privileges they have on the specified database object.
- ALL
- PRIVILEGES
- Revoke from the specified user or role all explicitly granted non-MONITOR database, but not table, privileges that can be granted on the specified object, and that are held, either implicitly or explicitly, WITH GRANT OPTION by the user executing the REVOKE.
- ALL BUT
- Revoke all explicit database privileges from the specified database object, except those specified in the privilege set, that can be granted on the specified object and that are held, either implicitly or explicitly, WITH GRANT OPTION by the user performing the REVOKE statement.
- privilege
- One or more of the privileges listed in Privilege Dictionary.
INSERT, REFERENCES, SELECT, and UPDATE have separate table- and column-level options. See GRANT (SQL Form).
- map_privilege
- Revoke create and drop map privileges from users and roles.
- role_privilege
- One of the following privileges:
- CREATE ROLE
- DROP ROLE
- ROLE
ROLE is shorthand for both CREATE ROLE and DROP ROLE, not a separate privilege.
- profile_privilege
- One of the following privileges:
- CREATE PROFILE
- DROP PROFILE
- PROFILE
PROFILE is shorthand for both CREATE PROFILE and DROP PROFILE, not a separate privilege.
- zone_privilege
- One of the following privileges:
- CREATE ZONE
- DROP ZONE
- ZONE
ZONE is shorthand for both CREATE ZONE and DROP ZONE, not a separate privilege.
- database_name
- user_name
- role_name
- PUBLIC
- Name of a database, user, or role on which the explicitly granted privileges are to be revoked, or PUBLIC. All objects contained by this database or user space are affected.
- database_name.object_name
- user_name.object_name
- Name of the immediately owning database and optionally and the name of the object or the user name and the name of the object (table, view, procedure, join index, or macro) on which explicitly granted privileges are being revoked.
- object_name
- Name of the table, view, join index, procedure, function, function mapping, macro, or authorization name from which explicitly granted privileges are to be revoked.
- PROCEDURE
- database_name
- user_name
- procedure_name
- Name of the procedure from which privileges are to be revoked.
- SPECIFIC FUNCTION
- database_name
- user_name
- specific_function_name
- Specific name of the UDF from which privileges are to be revoked.
- FUNCTION
- database_name
- user_name
- function_name
- Name of the UDF from which privileges are to be revoked.
- parameter_name
- data_type
- Parenthetical comma-separated list of data types and optional parameter names for the variables to be passed to the UDF. This is used to uniquely identify overdetermined function names.
- TYPE
- SYSUDTLIB.
- UDT_name
- Name of a UDT on which a privilege set is to be revoked.
- TO
- FROM
- Recipient of the REVOKE statement action, which can be a set of users, ALL users, a role, or PUBLIC.
- ALL user_name
- User from whom explicit privileges are revoked. You can specify up to 25 user names.
- PUBLIC
- The explicit privileges are to be revoked from all currently defined Vantage users and are not to be granted to future users.
- database_name
- user_name
- Containing database or user for role_name if something other than the current database or user.
- role_name
- Name of a role from which privileges are revoked.