
REVOKE PRIVILEGES

[NEW in v4.0] - Server, Database/Project privileges.
[NEW in v13.0] - Table privileges.

Syntax

revoke_privilege_statement
    :    REVOKE privileges FROM grantee_list

privileges
    :    ALL [PRIVILEGES] ON object_name

object_name
    :    DATABASE db_name [.*]
    |    PROJECT  vext_project_name [.*]
    |    TABLE    table_name

grantee_list
    :    character_string_literal (COMMA! character_string_literal)*

Arguments

object_name

The name of the object for which privileges are revoked.
For table privileges, a fully qualified name is required (“db1.t1” instead of “t1”).

grantee_list

The list of users from whom privileges on the given object are revoked.

privileges

Either ALL or one of the following:

  • NONE - No privileges.
  • READ - Read privilege (can be used for DB only).
  • INSERT - Insert privilege.
  • UPDATE - Update privilege.
  • DELETE - Delete privilege.

Description

This command makes Valentina Server revoke the privileges on the specified objects from the users listed in the grantee list. It is available only to the ADMINISTRATOR of vserver.

  • Permissions are hierarchical. If the database has the “insert” permission, “insert” is allowed on every table for that user. But if a particular table has its own set of permissions, the parent database's rules are ignored for that table.
  • Changing permissions for a user does not affect that user's active sessions.

  • You must always leave at least the READ privilege on the DB. Otherwise, the user would not even be able to open the DB.


Errors

  • ERR_CONNECTION_OPERATION_NOT_PERMITTED - Valentina is running in local mode or the query-issuer is not an administrator of Valentina Server.
  • ERR_CONNECTION_USER_NOT_EXISTS - a user mentioned in grantee_list does not exist.
  • ERR_DB_NOT_FOUND - database with the specified name is not registered to Valentina Server.
  • ERR_DB_IDENTIFIER_NOT_FOUND - The database does not contain the object with the specified name.

Examples

Example:

REVOKE ALL ON DATABASE db1.* FROM 'User1';

Examples for Tables

Example:

Suppose you have full access to all the tables except t1, which is available for insert/delete only:

GRANT ALL ON DATABASE db1.* TO 'User1';

GRANT INSERT, DELETE ON TABLE "db1.t1" TO 'User1';

Now you want to revoke insert privilege:

REVOKE INSERT ON TABLE "db1.t1" FROM 'User1';
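
The table-overrides-database rule and the active-session note from the Description, replayed on the User1 example above as an added Python model (not Valentina code and not part of the original documentation). The class, its method names, the session snapshot and the treatment of an emptied table set are assumptions made for illustration.

```python
import copy

TABLE_PRIVS = {"INSERT", "UPDATE", "DELETE"}  # READ can be used for a DB only
ALL_DB = TABLE_PRIVS | {"READ"}

class PrivilegeModel:
    """Toy model of the rules described above; not Valentina Server code."""
    def __init__(self):
        self.db = {}     # (user, db_name) -> privileges granted on the database
        self.table = {}  # (user, "db.table") -> the table's own privilege set

    def grant_db(self, user, db, privs):
        self.db.setdefault((user, db), set()).update(privs)

    def grant_table(self, user, fq_table, privs):
        self.table.setdefault((user, fq_table), set()).update(privs)

    def revoke_db(self, user, db, privs):
        self.db.get((user, db), set()).difference_update(privs)

    def revoke_table(self, user, fq_table, privs):
        # Assumption: a table without its own set is left untouched.
        self.table.get((user, fq_table), set()).difference_update(privs)

    def effective(self, user, fq_table):
        """Write privileges a new session gets on one fully qualified table."""
        own = self.table.get((user, fq_table))
        if own is not None:  # own set wins; assumed to hold even when emptied
            return set(own)
        db = fq_table.split(".", 1)[0]
        return self.db.get((user, db), set()) & TABLE_PRIVS

    def can_open(self, user, db):
        return "READ" in self.db.get((user, db), set())

    def open_session(self):
        # Assumption: a session keeps the privileges it had when it started.
        return copy.deepcopy(self)


def page_scenario():
    """The GRANT/REVOKE sequence from the table example on this page."""
    live = PrivilegeModel()
    live.grant_db("User1", "db1", ALL_DB)                      # GRANT ALL ON DATABASE db1.*
    live.grant_table("User1", "db1.t1", {"INSERT", "DELETE"})  # GRANT INSERT, DELETE ON TABLE
    session = live.open_session()                              # User1 is connected
    live.revoke_table("User1", "db1.t1", {"INSERT"})           # REVOKE INSERT ON TABLE
    return live, session
```

In this model the session opened before the REVOKE still reports INSERT on db1.t1, while a new lookup reports DELETE only; tables without their own set keep following the database-level grant.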