This section is an addition to the “Comments” section of the revoke Transact-SQL command description:
You cannot use revoke with the cascade option to revoke privileges granted by the table owner. For example, the owner of a table (UserA) can grant privileges to another user (UserB) as in this scenario:
create table T1 (...)
grant select on T1 to UserB
However, the System Administrator cannot revoke UserB’s privileges using the revoke privileges command with the cascade option as in this statement:
revoke select on T1 from UserA cascade
This statement revokes the select privileges of the table owner, but does not revoke those privileges from UserB.
By default, all data manipulation language (DML) operations are revoked implicitly for users other than the table owner. Because the sysprotects table contains no records indicating that the table owner has granted and then revoked privileges, the cascade option is not invoked. You must explicitly revoke the select privilege from UserB.
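The explicit revoke described above, with a check before and after, as an added example that is not part of the original documentation. It assumes the session runs in the database that holds T1 and that T1 and UserB are the objects from the scenario above.

```sql
-- Added example: audit and explicitly revoke a grant that
-- "revoke ... from UserA cascade" leaves in place.

-- 1. Before: list the permissions currently recorded on T1.
--    UserB's select grant (made by the owner, UserA) should be listed.
exec sp_helprotect T1
go

-- 2. Revoke from the grantee by name. The cascade form against the
--    table owner does not reach this grant.
revoke select on T1 from UserB
go

-- 3. After: read the permission rows for T1 directly from sysprotects.
--    No row granting select to UserB should remain.
select user_name(uid)     as grantee,
       user_name(grantor) as grantor,
       action,
       protecttype
from sysprotects
where id = object_id('T1')
go
```

Repeat step 2 for every grantee that step 1 lists, because each grant made by the table owner has to be revoked individually.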