Revoke account permissions
Syntax
REVOKE privilege_type
ON privilege_level
FROM user[, …]
Parameters
- privilege_type indicates the type of the permission. Valid values are SELECT, SHOW, ALTER, DROP, CREATE, INSERT, UPDATE, DELETE, GRANT OPTION, ALL, ALL PRIVILEGES, and USAGE.
privilege_level indicates the level of the permission you want to revoke.
* indicates that the database-level permissions of xxDB that is connected to the instance are revoked.
. indicates global-level permissions of all tables in all databases are revoked.
xxDb.* indicates that database-level permissions of the specified schema or database are revoked.
xxDb.yyTable indicates that the table-level permissions of the specified table in the specified database are revoked.
yyTable indicates that table-level permissions of xxTable in xxDB that is connected to the instance are revoked.
- Currently, field-level permissions cannot be revoked.
user indicates the sub-account of which permissions are revoked.
Only the DLA root account can revoke permissions of other non-root accounts.
Non-root accounts cannot revoke permissions of other accounts.
Permissions cannot be revoked in cross-account mode.
The root account can run the SHOW GRANTS command to view only the permissions of other accounts under the same cloud account.
Example
To revoke the DESCRIBE and SELECT permissions of the account dla_test on customer, run the following statement:
REVOKE describe,select ON customer FROM 'dla_test';