The table owner or the SSO can revoke decrypt permission on a table or a list of columns in a table if you have not configured restricted decrypt permission. If you have configured restricted decrypt permission, only the SSO can revoke decrypt permission.
The syntax is:
revoke decrypt on [owner.] tablename[(columnname [{,columname}])] from user | group | role
