| Oracle® TimesTen In-Memory Database SQL Reference Release 11.2.1 Part Number E13070-03 |
|
|
View PDF |
| Oracle® TimesTen In-Memory Database SQL Reference Release 11.2.1 Part Number E13070-03 |
|
|
View PDF |
The REVOKE statement removes one or more privileges from a user.
Required privilege
ADMIN to revoke system privileges.
ADMIN or object owner to revoke object privileges.
SQL syntax
REVOKE {SystemPrivilege [ , … ] | ALL [PRIVILEGES]} FROM {user |PUBLIC} [,...]
REVOKE {{ObjectPrivilege [,...] | ALL [PRIVILEGES]} ON {[owner.object}} [,...] FROM {user | PUBLIC}[,...]
Parameters
Revoking system privileges:
| Parameter | Description |
|---|---|
SystemPrivilege |
See "System privileges" for a list of acceptable values. |
ALL [PRIVILEGES] |
Revokes all system privileges from the user. |
user |
Name of the user from whom privileges are being revoked. The user name must first have been introduced to the TimesTen database by a CREATE USER statement. |
PUBLIC |
Specifies that the privilege is revoked for all users. |
Revoking object privileges:
| Parameter | Description |
|---|---|
ObjectPrivilege |
See "Object privileges" for a list of acceptable values. |
ALL [PRIVILEGES] |
Revokes all object privileges from the user. |
user |
Name of the user from whom privileges are to be revoked. The user name must first have been introduced to the TimesTen database through a CREATE USER statement. |
[owner.]object |
object is the name of the object on which privileges are being revoked. owner is the owner of the object. If owner is not specified, then the user who is revoking the privilege is assumed to the be the owner. |
PUBLIC |
Specifies that the privilege is revoked for all users. |
Privileges on objects cannot be revoked from the owner of the objects.
Any user who can grant a privilege can revoke the privilege even if they were not the user who originally granted the privilege.
Privileges must be revoked at the same level they were granted. You cannot revoke an object privilege from a user who has the associated system privilege. For example, if you grant SELECT ANY TABLE to a user and then try to revoke SELECT ON bob.table1, the revoke fails unless you have specifically granted SELECT ON bob.table1 in addition to SELECT ANY TABLE.
If a user has been granted all system privileges, you can revoke a specific privilege. For example, you can revoke ALTER ANY TABLE from a user who has been granted all system privileges.
If a user has been granted all object privileges, you can revoke a specific privilege on a specific object from the user. For example, you can revoke the DELETE privilege on table customers from user terry even if terry has previously been granted all object privileges.
You can revoke all privileges from a user even if the user has not previously been granted all privileges.
You cannot revoke a specific privilege from a user who has not been granted the privilege.
You cannot revoke privileges on objects owned by a user.
You cannot revoke system privileges and object privileges in the same statement.
You can specify only one object in an object privilege statement.
Examples
Revoke the ADMIN privilege from the user terry:
REVOKE admin, ddl FROM terry;
Assuming the revoker has ADMIN privilege, revoke the UPDATE privilege from terry on the customers table owned by pat:
REVOKE update ON pat.customers FROM terry;
See also
|
 Copyright © 1996, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|