Lindorm:REVOKE

Last Updated: Apr 08, 2024

You can use the REVOKE syntax to revoke specified permissions from a user. To review permissions first, use the SHOW PRIVILEGES syntax to view the permissions granted to all users, and then use the REVOKE syntax to revoke improper permissions from the specified user.

Applicable engines and versions

The REVOKE syntax is applicable to all versions of LindormTable and LindormTSDB.

Syntax

revoke_permission_statement ::=  REVOKE privilege_definition ON resource_definition FROM user_identifier
privilege_definition        ::=  ALL | ALL PRIVILEGE | READ | WRITE | ADMIN | TRASH | SYSTEM
resource_definition         ::=  GLOBAL | DATABASE identifier | SCHEMA identifier | TABLE identifier

Parameters

Whether a REVOKE statement can be executed successfully depends on the permissions that are granted to the user who executes the statement. For more information, see User and permission management.

Permission (privilege_definition)

The following table describes the permissions that can be revoked.

| Permission | Description |
|---|---|
| ALL or ALL PRIVILEGE | Revoke all permissions on the resources from the user, including READ, WRITE, ADMIN, and TRASH. |
| READ | Revoke the read permission on the resources from the user. |
| WRITE | Revoke the write permission on the resources from the user. |
| ADMIN | Revoke the administrator permission on the resources from the user. |
| TRASH | Revoke the delete permission on the resources from the user. |
| SYSTEM | Revoke the cluster management permissions on the resources from the user. The SYSTEM permission includes the ADMIN permission on the GLOBAL level. |

Resource level (resource_definition)

  • You can revoke permissions on the following levels of resources:

    • GLOBAL: Revoke the permissions on global resources from the user.

    • DATABASE: Revoke the permissions on the specified database from the user. The DATABASE level is equivalent to the SCHEMA level.

      Note

      LindormTable 2.5.3.3 and later versions support the DATABASE level. LindormTable versions earlier than 2.5.3.3 support only the SCHEMA level.

    • TABLE: Revoke the permissions on the specified table from the user.

    The following permission levels from high to low are supported: GLOBAL, DATABASE (SCHEMA), and TABLE.

  • When you use the DATABASE, SCHEMA, or TABLE keyword, you must specify the identifier of the resource at that level. For example, DATABASE default and SCHEMA default both indicate the database named default, and TABLE test indicates the table named test.

User from which permissions are revoked (user_identifier)

The user_identifier parameter indicates the user from which permissions are revoked.

Examples

Revoke all permissions from a user

Revoke all permissions on the database db1 from a user named user1.

REVOKE ALL ON DATABASE db1 FROM user1;
-- or
REVOKE ALL ON SCHEMA db1 FROM user1;

Revoke the specified permissions from a user

  • Revoke the ADMIN permission on table2 in the database db2 from a user named user2.

    REVOKE ADMIN ON TABLE db2.table2 FROM user2;

  • Revoke the WRITE permission on table3 from a user named user3.

    REVOKE WRITE ON TABLE table3 FROM user3;

  • Revoke the READ permission on the GLOBAL level from a user named user4.

    REVOKE READ ON GLOBAL FROM user4;
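
The review-then-revoke workflow from the introduction can be scripted. The following Python sketch is an added example and not part of the Lindorm documentation: it compares a list of grants against an allow-list and emits REVOKE statements that follow the grammar on this page. The function names, the grant tuple layout (which is not the SHOW PRIVILEGES output format), and the restrictive identifier pattern are assumptions made for illustration.

```python
import re

# Keywords copied from the grammar on this page.
PRIVILEGES = {"ALL", "ALL PRIVILEGE", "READ", "WRITE", "ADMIN", "TRASH", "SYSTEM"}
LEVELS = {"GLOBAL", "DATABASE", "SCHEMA", "TABLE"}
# Assumption: names are limited to a conservative pattern so a value copied
# from an audit list cannot change the shape of the generated statement.
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
DATABASE_MIN = (2, 5, 3, 3)  # first LindormTable version with the DATABASE keyword


def revoke_statement(user, privilege, level, resource=None, version=DATABASE_MIN):
    """Build one REVOKE statement, rejecting anything outside the grammar."""
    privilege, level = privilege.upper(), level.upper()
    if privilege not in PRIVILEGES or level not in LEVELS:
        raise ValueError(f"not in REVOKE grammar: {privilege} ON {level}")
    if not NAME.fullmatch(user):
        raise ValueError(f"unsafe user identifier: {user!r}")
    if level == "GLOBAL":
        if resource:
            raise ValueError("GLOBAL takes no identifier")
        return f"REVOKE {privilege} ON GLOBAL FROM {user};"
    parts = (resource or "").split(".")
    # Only TABLE may be qualified as database.table (as in db2.table2).
    if len(parts) > (2 if level == "TABLE" else 1) or not all(NAME.fullmatch(p) for p in parts):
        raise ValueError(f"unsafe {level} identifier: {resource!r}")
    # DATABASE and SCHEMA are equivalent; older LindormTable accepts only SCHEMA.
    if level == "DATABASE" and tuple(version) < DATABASE_MIN:
        level = "SCHEMA"
    return f"REVOKE {privilege} ON {level} {resource} FROM {user};"


def plan_revocations(grants, allowed, version=DATABASE_MIN):
    """Return REVOKE statements for every grant missing from the allow-list."""
    def key(g):  # treat SCHEMA and DATABASE as the same level when comparing
        user, priv, level, res = g
        level = level.upper()
        return (user, priv.upper(), "DATABASE" if level == "SCHEMA" else level, res)
    keep = {key(a) for a in allowed}
    return [revoke_statement(*g, version=version) for g in grants if key(g) not in keep]


# Constructed sample data: grants transcribed by hand from a privilege review.
GRANTS = [
    ("user1", "READ", "DATABASE", "db1"),
    ("user2", "ADMIN", "TABLE", "db2.table2"),
    ("user4", "READ", "GLOBAL", None),
]
ALLOWED = [("user1", "READ", "SCHEMA", "db1")]
```

Calling `plan_revocations(GRANTS, ALLOWED)` returns the statements to review and run; the grant for user1 is kept because the allow-list entry on SCHEMA db1 covers the equivalent DATABASE db1 grant.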