/
revoke.rst
59 lines (40 loc) · 1.47 KB
/
revoke.rst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
.. _ref-revoke:
==========
``REVOKE``
==========
Revokes a previously granted privilege on the whole cluster or on a specific
object from a user or a role.
.. rubric:: Table of contents
.. contents::
:local:
Synopsis
========
.. code-block:: psql
REVOKE { { DQL | DML | DDL | AL [,...] } | ALL [ PRIVILEGES ] }
[ON {SCHEMA | TABLE | VIEW} identifier [, ...]]
FROM name [, ...];
.. code-block:: psql
REVOKE role_name_to_revoke [, ...] FROM name [, ...]
Description
===========
``REVOKE`` is a management statement which comes in two flavours.
The first one is used to revoke previously granted privileges on a specific
object from one or many existing users or roles.
``ON {SCHEMA | TABLE | VIEW}`` is optional, if not specified the privilege will
be revoked on the ``CLUSTER`` level.
The second one is used to revoke previously granted roles from one or many
existing users or roles. Thus, the users or roles loose the privileges which
had automatically :ref:`inherit <roles_inheritance>` from those previously
granted roles.
For usages of the ``REVOKE`` statement see :ref:`administration-privileges`.
Parameters
==========
:identifier:
The identifier of the corresponding object.
If ``TABLE`` or ``VIEW`` is specified the ``identifier`` should include the
object's full qualified name. Otherwise it will be looked up in
the current schema.
:role_name_to_revoke:
The name of the role to revoke from another user or role.
:name:
The name of an existing user or role.