All Products
Search
Document Center

REVOKE

Last Updated: Apr 14, 2021

Revoke account permissions.

Syntax

REVOKE privilege_type ON privilege_level FROM user[, …]

Parameters

  • privilege_type: indicates the type of the permission. Valid values are SELECT, SHOW, ALTER, DROP, CREATE, INSERT, UPDATE, DELETE, GRANT OPTION, ALL, ALL PRIVILEGES, and USAGE.

  • privilege_level: indicates the level of the permission you want to revoke.

    • *: indicates that the database-level permissions of xxDB that is connected to the instance are revoked.

    • *.*: indicates global-level permissions of all tables in all databases are revoked.

    • xxDb.*: indicates that database-level permissions of the specified schema or database are revoked.

    • xxDb.yyTable: indicates that the table-level permissions of the specified table in the specified database are revoked.

    • yyTable: indicates that table-level permissions of xxTable in xxDB that is connected to the instance are revoked.

    • Currently, field-level permissions cannot be revoked.

  • user: indicates the sub-account of which permissions are revoked.

    • Only the DLA root account can revoke permissions of other non-root accounts.

    • Non-root accounts cannot revoke permissions of other accounts.

    • Permissions cannot be revoked in cross-account mode.

    • The root account can run the SHOW GRANTS command to view only the permissions of other accounts under the same cloud account.

Examples

To revoke the DESCRIBE and SELECT permissions of the account dla_test on customer, run the following statement:

REVOKE show,select ON customer FROM 'dla_test';