Any user's permissions are a combination of those that have been granted and those that have been revoked. By revoking and granting permissions, you can manage the pattern of user permissions on a database.
The REVOKE statement is the exact converse of the GRANT statement. To disallow M_Haneef from executing my_procedure, the command is:
REVOKE EXECUTE ON my_procedure FROM M_Haneef
This command must be issued by the DBA or by the owner of the procedure.
Permission to delete rows from sample_table can be revoked by issuing the command:
REVOKE DELETE ON sample_table FROM M_Haneef
WARNING! Before you revoke privileges or drop a user, be aware of the following restrictions:
Before issuing REVOKE CONNECT or sp_dropuser, you must remove any objects, such as tables, owned by that user. If you try to revoke a user's connect privileges or use the stored procedure sp_dropuser while the user owns any database objects, you receive an error.
Procedures like sp_dropuser provide minimal compatibility with Adaptive Server Enterprise stored procedures. If you are accustomed to Adaptive Server Enterprise (or Sybase IQ 11.x) stored procedures, you should compare their text with Sybase IQ 12 procedures before using the procedure in dbisql. To compare, use the command
sp_helptext 'owner.procedure_name'
For all system stored procedures delivered by Sybase, the owner is dbo. To see the text of a stored procedure of the same name owned by a different user, you must specify that user, for example:
sp_helptext 'myname.myprocedure'
Never drop the DBA user for a multiplex database. Doing so makes the database unusable.
