You can revoke all or some privileges to users and roles when they are no longer needed or available. You can specify up to 25 names in each REVOKE request. The syntax for the command is:
REVOKE { ALL [ PRIVILEGES ] | [ ALL BUT ] privilege [,...] } ON object | map_privilege [,...] | role_privilege [,...] | profile_privilege [,...] | zone_privilege [,...] FROM { user_name [,...] | PUBLIC | role_name [,...] } [;]
The ALL parameter specifies that the privileges to be revoked from the user are also revoked for every user owned by that user now and in the future. If you do not specify ALL, then the revocation does not cascade through the hierarchy.
For example, to revoke SELECT on the second quarter sales table, Q2_sales, from the Sales role, you would enter the following:
REVOKE SELECT PRIVILEGES ON Q2_table FROM Sales;