REVOKE PERMISSION
This page documents the preview version (v2.23). Preview includes features under active development and is for development and testing only. For production, use the stable version (v2024.1). To learn more, see Versioning.
Synopsis
Use the REVOKE PERMISSION
statement to revoke a permission (or all the granted permissions) from a role.
When a database object is deleted (keyspace, table, or role), all the permissions on that object are automatically deleted.
This statement is enabled by setting the YB-TServer flag --use_cassandra_authentication
to true
.
Syntax
Diagram
revoke_permission
all_permissions
permission
resource
Grammar
revoke_permission := REVOKE all_permission | permission ON resource FROM role_name;
all_permissions := ALL [ PERMISSIONS ]
permission := ( CREATE | ALTER | DROP | SELECT | MODIFY | AUTHORIZE | DESCRIBE | EXECUTE ) [ PERMISSION ]
resource := ALL ( KEYSPACES | ROLES ) | KEYSPACE keyspace_name | [ TABLE ] table_name | ROLE role_name;
Where
keyspace_name
,table_name
, androle_name
are text identifiers (table_name
may be qualified with a keyspace name).
Semantics
Permission AUTHORIZE
on ALL ROLES
or on the role being used in the statement is necessary. Otherwise, an unauthorized error will be returned.
Examples
ycqlsh:example> REVOKE CREATE ON KEYSPACE qa FROM fred;