REVOKE PERMISSION
Synopsis
The REVOKE PERMISSION
statement is used to revoke a permission (or all the granted permissions) from a role.
When a database object is deleted (keyspace, table, or role), all the permissions on that object are automatically deleted.
This statement is enabled by setting the YB-TServer configuration option use_cassandra_authentication
to true
.
Syntax
Diagram
revoke_permission
all_permissions
permission
resource
Grammar
revoke_permission := REVOKE all_permission | permission ON resource FROM role_name;
all_permissions := ALL [ PERMISSIONS ]
permission := ( CREATE | ALTER | DROP | SELECT | MODIFY | AUTHORIZE | DESCRIBE | EXECUTE ) [ PERMISSION ]
resource := ALL ( KEYSPACES | ROLES ) | KEYSPACE keyspace_name | [ TABLE ] table_name | ROLE role_name;
Where
keyspace_name
,table_name
, androle_name
are text identifiers (table_name
may be qualified with a keyspace name).
Semantics
- Permission
AUTHORIZE
onALL ROLES
or on the role being used in the statement is necessary. Otherwise, an unauthorized error will be returned.
Examples
cqlsh:example> REVOKE CREATE ON KEYSPACE qa FROM fred;
See also
当前内容版权归 YugabyteDB 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 YugabyteDB .