All Products
Search

This Product

    Lindorm:REVOKE

    Document Center

    Lindorm:REVOKE

    Last Updated:Mar 28, 2026

    Use REVOKE to remove permissions from a user. Before revoking permissions, run SHOW PRIVILEGES to review the permissions granted to all users.

    Whether a REVOKE statement executes successfully depends on the permissions of the user running it.

    Applicable engines and versions

    LindormTable (all versions) and LindormTSDB (all versions).

    Syntax

    revoke_permission_statement ::=  REVOKE privilege_definition ON resource_definition FROM user_identifier
privilege_definition        ::=  ALL | ALL PRIVILEGE | READ | WRITE | ADMIN | TRASH | SYSTEM
resource_definition         ::=  GLOBAL | DATABASE identifier | SCHEMA identifier | TABLE identifier

    Parameters

    Permission (privilege_definition)

    PermissionDescription
    ALL or ALL PRIVILEGERevokes all permissions on the specified resource, including READ, WRITE, ADMIN, and TRASH.
    READRevokes the read permission on the specified resource.
    WRITERevokes the write permission on the specified resource.
    ADMINRevokes the administrator permission on the specified resource.
    TRASHRevokes the delete permission on the specified resource.
    SYSTEMRevokes cluster management permissions, including the ADMIN permission at the GLOBAL level.

    Resource level (resource_definition)

    ResourceLindormTableLindormTSDBDescription
    GLOBALRevokes permissions on global resources.
    DATABASERevokes permissions on the specified database. DATABASE is equivalent to SCHEMA.
    Note

    LindormTable 2.5.3.3 and later support the DATABASE level. Earlier versions support only SCHEMA.

    TABLERevokes permissions on the specified table.

    Permission levels from highest to lowest: GLOBAL > DATABASE (SCHEMA) > TABLE.

    When using DATABASE, SCHEMA, or TABLE, specify the identifier of the target resource. For example:

    • DATABASE default and SCHEMA default refer to the database named default.

    • TABLE test refers to the table named test.

    User (user_identifier)

    The user from which permissions are revoked.

    Examples

    Revoke all permissions from a user

    Revoke all permissions on the database db1 from user1:

    REVOKE ALL ON DATABASE db1 FROM user1;
-- or
REVOKE ALL ON SCHEMA db1 FROM user1;

    Revoke specific permissions from a user

    Revoke the ADMIN permission on table2 in the database db2 from user2:

    REVOKE ADMIN ON TABLE db2.table2 FROM user2;

    Revoke the WRITE permission on table3 from user3:

    REVOKE WRITE ON TABLE table3 FROM user3;

    Revoke the READ permission at the GLOBAL level from user4:

    REVOKE READ ON GLOBAL FROM user4;