REVOKE PERMISSION

Synopsis

The REVOKE PERMISSION statement is used to revoke a permission (or all the granted permissions) from a role.

When a database object is deleted (keyspace, table, or role), all the permissions on that object are automatically deleted.

This statement is enabled by setting the YB-TServer configuration option use_cassandra_authentication to true.

Syntax

Diagram

[Syntax diagrams: revoke_permission, all_permissions, permission, resource]

Grammar

  revoke_permission := REVOKE ( all_permissions | permission ) ON resource FROM role_name;
  all_permissions := ALL [ PERMISSIONS ]
  permission := ( CREATE | ALTER | DROP | SELECT | MODIFY | AUTHORIZE | DESCRIBE | EXECUTE ) [ PERMISSION ]
  resource := ALL ( KEYSPACES | ROLES ) | KEYSPACE keyspace_name | [ TABLE ] table_name | ROLE role_name;

Where

  • keyspace_name, table_name, and role_name are text identifiers (table_name may be qualified with a keyspace name).

Semantics

  • The AUTHORIZE permission on ALL ROLES, or on the role used in the statement, is required. Otherwise, an unauthorized error is returned.

Examples

  cqlsh:example> REVOKE CREATE ON KEYSPACE qa FROM fred;
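
A revocation script can be checked against the grammar above before it is run, so that a malformed statement is caught in review instead of leaving a permission in place. The following Python is an added example, not YugabyteDB code: `parse_revoke`, `check_script`, and the sample script are constructed for illustration, and it assumes unquoted identifiers only.

```python
import re
PERMISSIONS = set("CREATE ALTER DROP SELECT MODIFY AUTHORIZE DESCRIBE EXECUTE".split())
ID = r"[A-Za-z_][A-Za-z0-9_]*"  # assumption: unquoted identifiers only
STMT = re.compile(
    r"^\s*REVOKE\s+(?P<perm>[A-Za-z]+(?:\s+PERMISSIONS?)?)\s+ON\s+(?P<res>.+?)"
    r"\s+FROM\s+(?P<role>" + ID + r")\s*;?\s*$", re.IGNORECASE)
RES = re.compile(
    r"^(?:ALL\s+(?P<all>KEYSPACES|ROLES)|KEYSPACE\s+(?P<ks>" + ID + r")"
    r"|ROLE\s+(?P<role>" + ID + r")"
    r"|(?:TABLE\s+)?(?P<table>" + ID + r"(?:\." + ID + r")?))$", re.IGNORECASE)

def parse_revoke(stmt):
    """Return (permission, (resource_kind, name), role); raise ValueError if malformed."""
    m = STMT.match(stmt)
    if not m:
        raise ValueError("expected REVOKE <permission> ON <resource> FROM <role>")
    kw, *suffix = m["perm"].upper().split()
    if kw == "ALL" and suffix in ([], ["PERMISSIONS"]):
        perm = "ALL"                      # all_permissions := ALL [ PERMISSIONS ]
    elif kw in PERMISSIONS and suffix in ([], ["PERMISSION"]):
        perm = kw                         # permission := keyword [ PERMISSION ]
    else:
        raise ValueError("unknown permission: " + m["perm"])
    r = RES.match(m["res"].strip())
    if not r:
        raise ValueError("unknown resource: " + m["res"])
    if r["all"]:
        return perm, ("ALL " + r["all"].upper(), None), m["role"]
    kind = "KEYSPACE" if r["ks"] else "ROLE" if r["role"] else "TABLE"
    return perm, (kind, r["ks"] or r["role"] or r["table"]), m["role"]

def check_script(script):
    """Split on ';' and return (parsed statements, [(statement, error), ...])."""
    ok, bad = [], []
    for stmt in filter(None, (s.strip() for s in script.split(";"))):
        try:
            ok.append(parse_revoke(stmt))
        except ValueError as exc:
            bad.append((stmt, str(exc)))
    return ok, bad

# Constructed sample script; the last two statements are deliberately malformed.
SAMPLE = """
REVOKE CREATE ON KEYSPACE qa FROM fred;
REVOKE ALL PERMISSIONS ON qa.orders FROM fred;
REVOKE AUTHORIZE PERMISSION ON ALL ROLES FROM fred;
REVOKE ALL PERMISSION ON KEYSPACE qa FROM fred;
REVOKE SELECT ON KEYSPACE qa fred;
"""
print(check_script(SAMPLE))
```

The parsed tuples give a reviewable list of which permission is removed from which role at which scope; the rejected statements are the ones that would have failed at the server.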
