Revokes object privileges from one or more idents.
where routine-specification is:
Usage
Embedded, Interactive, Module, ODBC, JDBC.
Description
The specified object privilege is revoked from the ident(s) listed. If the privilege is revoked from a GROUP ident, all members of the group lose the privilege.
The object privileges are described under GRANT OBJECT PRIVILEGE.
The GRANT OPTION FOR clause specifies that only the WITH GRANT OPTION is to be revoked from the specified instance(s) of the privilege(s).
The keywords CASCADE and RESTRICT specifies whether the REVOKE statement will allow recursive effects that causes views to be dropped or FOREIGN KEY constraints to be removed, because access privileges are revoked as a result of a REVOKE MEMBER statement. See the Notes section for REVOKE ACCESS PRIVILEGE for a description of when views are dropped and FOREIGN KEY constraints are removed due to recursive effects.
If CASCADE is specified, such recursive effects will be allowed.
If RESTRICT is specified, the REVOKE statement will return an error if it would cause such recursive effects, and no access privileges will be revoked.
If neither CASCADE nor RESTRICT is specified, then RESTRICT is implicit.
Restrictions
Privileges may only be explicitly revoked by the grantor.
Notes
If an object privilege has been granted to the same ident more than once (by different grantors), the REVOKE statement will only revoke (or will revoke the WITH GRANT OPTION from) the single instance of the privilege that was granted by the current ident.
The object rights attached to the privilege (or the WITH GRANT OPTION) will only be lost when the last instance of the privilege has been revoked.
Revoking object privileges has recursive effects. Privileged actions are performed under the authorization of the most recently granted instance of the access.
When the last instance of a privilege WITH GRANT OPTION is revoked, all instances of the privilege granted by the ident under that authorization are recursively revoked.
If MEMBER privilege on a group is revoked from an ident, all privileges granted through the group are revoked from the ident.
An ident may not revoke privileges from himself.
Revoking TABLE privilege does not drop the tables created when the privilege was held.
Revoking SEQUENCE privilege does not drop the sequences created when the privilege was held.
Revoking USAGE privilege on a domain, user defined type or sequence preserves the uses of the domain, user defined type or sequence which were set up when the privilege was held, however, new instances of usage of the domain, user defined type or sequence are prevented.
Revoking USAGE privilege on a user defined type will also revoke EXECUTE privilege on any function for which EXECUTE was granted implicitly in conjunction with executing a GRANT USAGE ON TYPE statement. (See GRANT OBJECT PRIVILEGE.)
Revoking EXECUTE privilege immediately prevents the ident from invoking the routine or entering the PROGRAM ident.
Example
REVOKE EXECUTE ON PROCEDURE coming_soon FROM joe, jane;
For more information, see the Mimer SQL User's Manual, Revoking Object Privileges.
Standard Compliance
|
Standard |
Compliance |
Comments |
|---|---|---|
|
SQL-2016 |
Core |
Fully compliant. |
|
SQL-2016 |
Features outside core |
Feature F034, “Extended REVOKE statement” support for REVOKE CASCADE and REVOKE GRANT OPTION FOR. Feature F251, “Domain support” support for revoke usage on domain. Feature F690, “Collation support” support for revoke usage on collation. |
|
|
Mimer SQL extension |
Revoke MEMBER, revoke SEQUENCE, revoke TABLE and revoke EXECUTE (on statement and program) are Mimer SQL extensions |