Removes permissions for specified users.
Syntax 1
REVOKE
{ CONNECT | DBA | INTEGRATED LOGIN | GROUP
| MEMBERSHIP IN GROUP userid [, ...] | RESOURCE }
... FROM userid [, ...]
Syntax 2
REVOKE
{ ALL [PRIVILEGES] | ALTER | DELETE | INSERT
| REFERENCE | SELECT [ ( column-name [, ...] ) ] | UPDATE [ ( column-name,... ) ] }
... ON [ owner.]table-name FROM userid [, ...]
Syntax 3
REVOKE EXECUTE ON [ owner.]procedure-name FROM userid [, ...]
Prevents user “dave” from inserting into the employee table:
REVOKE INSERT ON employee FROM dave ;
Revokes resource permission from user “Jim”:
REVOKE RESOURCE FROM Jim ;
Prevents user “dave” from updating the employee table:
REVOKE UPDATE ON employee FROM dave ;
Revokes integrated login mapping from the user profile name “Administrator”:
REVOKE INTEGRATED LOGIN FROM Administrator ;
Disallows the finance group from executing the procedure sp_customer_list:
REVOKE EXECUTE ON sp_customer_list FROM finance ;
Drops user ID “FranW” from the database:
REVOKE CONNECT FROM FranW ;
The REVOKE statement is used to remove permissions that were given using the GRANT statement. Syntax 1 is used to revoke special user permissions and Syntax 2 is used to revoke table permissions. Syntax 3 is used to revoke permission to execute a procedure. REVOKE CONNECT is used to remove a user ID from a database.
If Login Management is enabled for the database, you
must use system procedures, not GRANT and REVOKE,
to add and remove user IDs.
REVOKE GROUP automatically revokes membership from all members of the group.
By default, you can only remove users with REVOKE CONNECT on a multiplex write server. To enable REVOKE CONNECT on query servers, you must set the database option MPX_LOCAL_SPEC_PRIV to change the default. For details, see “MPX_LOCAL_SPEC_PRIV option”.
You cannot revoke a user’s connect privileges
if that user owns database objects, such as tables. Attempting to
do so with a REVOKE statement or sp_dropuser procedure
returns an error such as “Cannot drop a user that owns tables
in runtime system.”
Automatic commit.
SQL92 Syntax 1 is a vendor extension. Syntax 2 is an entry-level feature. Syntax 3 is a Persistent Stored Module feature.
Sybase Syntax 2 and 3 are supported by Adaptive Server Enterprise. Syntax 1 is not supported by Adaptive Server Enterprise. User management and security models are different for Sybase IQ and Adaptive Server Enterprise.
Must be the grantor of the permissions that are being revoked, or must have DBA authority.
If revoking CONNECT permissions or revoking table permissions from another user, the other user must not be connected to the database.
