Try OpenEdge Now
skip to main content
SQL Reference
SQL Reference : OpenEdge SQL Statements : REVOKE
 

REVOKE

Revokes various privileges from the specified users of the database. There are two forms of the REVOKE statement:
*Revoke database-wide privileges, either system administration (DBA), general creation (RESOURCE), audit administration (AUDIT_ADMIN), audit archive (AUDIT_ARCHIVE), or audit insert (AUDIT_INSERT)
*Revoke various privileges on specific tables and views

Syntax

REVOKE { RESOURCE , DBA, AUDIT_ADMIN, AUDIT_ARCHIVE, AUDIT_INSERT}
   FROM {user_identifier[ , user_identifier] , ...}  
 [ RESTRICT | CASCADE ]  
 [ GRANTED BY ANY_USER ];

Parameters

RESOURCE
Revokes the privilege to issue CREATE statement for specified users.
DBA
Revokes the privilege to create, access, modify, or delete any database object, and revokes the privilege to grant other users any privileges for specified users.
AUDIT_ADMIN
Revokes the privilege to administer and maintain a database auditing system for specified users.
AUDIT_ARCHIVE
Revokes the privilege to read and delete audit records for specific users.
AUDIT_INSERT
Revokes the privilege to insert application audit records for specified users.
FROM user_identifier[ , user_identifier] , ...
Revokes the specified privileges on the table or view from the specified list of users.
RESTRICT | CASCADE
Prompts SQL to check if the privilege being revoked was passed onto other users. If the original privilege was included the WITH GRANT OPTION clause, then the REVOKE statement fails and generates an error. If the privilege was not passed on, the REVOKE statement succeeds.
If the REVOKE statement specifies CASCADE, revoking the access privileges from a user also revokes the privileges from all users who received the privilege from that user.
If the REVOKE statement does not specify either RESTRICT or CASCADE, then the behavior follows only CASCADE.
user_identifier
Identifies a username. For a tenant user, you must mention the fully qualified user name, username@domain_name, to revoke access from a user.
Uses the following syntax:
username | username@domain_name
Note: CASCADE is not supported for AUDIT_ADMIN, AUDIT_ARCHIVE, and AUDIT_INSERT privileges. The only user who can revoke an audit privilege is the user who granted it.
GRANTED BY ANY_USER
A DBA can use this phrase to revoke all access privileges to a table for a specified user, even if the user was the creator of the table. This phrase is only applicable to users with DBA privileges.

Example

In this example, the audit administration privilege is revoked from bsmith:
REVOKE AUDIT_ADMIN FROM bsmith RESTRICT;
* Syntax to revoke privileges on specific tables and views
* Authorization
* Related statement