Table of Contents
REVOKE PRIVILEGES
[NEW in v4.0] - Server, Database/Project privileges.
[NEW in v13.0] - Table privileges.
Syntax
revoke_privilege_statement : REVOKE PRIVILEGES FROM grantee_list privileges : ALL [PRIVILEGES] ON object_name object_name : DATABASE db_name [.*] | PROJECT vext_project_name [.*] | TABLE table_name grantee_list : character_string_literal (COMMA! character_string_literal)*
Arguments
object_name
the name of the object for which privileges are revoked.
In the case of table privileges - a fully qualified name is required (“db1.t1” instead of “t1”).
grantee_list
the list of users for which some privileges are revoked for a particular object.
privileges
It could be ALL or one of the following:
NONE - No privileges. READ - Read privilege (can be used for DB only).
INSERT - Insert privilege. UPDATE - Update privilege. DELETE - Delete privilege.
Description
This command forces Valentina Server to revoke the privileges for the particular objects from users mentioned in the grantee list. This command is available for the ADMINISTRATOR of vserver only.
- Please note, it is hierarchy-like permissions. Assume the database has “insert” permission, so “insert” is allowed for any table for the user. But if a particular table has its own set of permissions - the parent's db rules are ignored.
- Also note - changing permissions for the user does not affect active sessions.
- You have always to leave at least READ privilege to the DB. Otherwise, the DB would not even be able to open for the user.
Errors
- ERR_CONNECTION_OPERATION_NOT_PERMITTED - Valentina is running in local mode or the query-issuer is not an administrator of Valentina Server.
- ERR_CONNECTION_USER_NOT_EXISTS - some user mentioned in grantee_list is not exist.
- ERR_DB_NOT_FOUND - database with the specified name is not registered to Valentina Server.
- ERR_DB_IDENTIFIER_NOT_FOUND - The database does not contain the object with the specified name.
Examples
Example:
REVOKE ALL ON DATABASE db1.* FROM 'User1';
Examples for Tables
Example:
Suppose you have full access to all the tables except t1, which is available for insert/delete only:
GRANT ALL ON DATABASE db1.* TO 'User1'; GRANT INSERT, DELETE ON TABLE "db1.t1" TO 'User1';
Now you want to revoke insert privilege:
REVOKE INSERT ON TABLE "db1.t1" FROM 'User1';