撤销

撤销 “从用户和/或角色中删除访问权限。

句法

撤销 rolename [, ...] FROM username

REVOKE { ALTER | EXECUTE } ON PROCEDURE procname FROM { [USER] user | ROLE rolename } [, ...]

REVOKE { ALTER | EXECUTE } ON FUNCTION funcname[/argcount] FROM { [USER] user | ROLE rolename }  [, ...]

REVOKE{ CREATE | ALTER } ON SCHEMA schemaname FROM { [USER] user | ROLE rolename }  [, ...]

REVOKE privilege ON object FROM [ USER ] user | ROLE rolename }  [, ...]

    where user is:
        username |PUBLIC

    where privilege is:
        SELECT|INSERT|UPDATE|DELETE|ALTER|GRANT|TRIGGER | {ALL[PRIVILEGES]}

    and object is:
        ALL TABLES IN SCHEMA schemaname|
        [TABLE]tablename|
        VIEW viewname|
        ALL SEQUENCES IN SCHEMA schemaname|
        SEQUENCE sequencename
        USER username

描述

Removes access privileges. Use the 撤销 statement to:

  • 删除用户的角色或权限。

  • 删除角色的权限。

The 撤销 ALL ON ALL TABLES statement removes privileges on the tables in a schema but not on the schema itself.
删除用户’s特权要在模式中创建表,视图,SQL域类型和序列,使用 撤销 CREATE ON SCHEMA 陈述。删除用户’s privilege to drop a schema, use the 撤销 ALTER ON SCHEMA statement.

参数

rolename

Name of the role from which privileges are revoked. The rolename can be a user ROLE (see 例1) or the NuoDB DBA system ROLE (see 例2.)。角色必须已经存在(见 创建角色 )。

username

用户撤消其权限的用户。

tablename

特权被撤销的表。您还可以指定视图。

schemaname

包含要撤消权限的表和视图的架构。
The 撤销 ALTER | CREATE ON SCHEMA schemaname statement revokes privileges on the schema itself as opposed to the tables in the schema.

procedure_name

撤销权限的存储过程。

例子

示例1:从用户和角色撤消权限。
创建表 salaries (name STRING, hourly_rate NUMBER);

/* Create three new users */
CREATE USER alpha PASSWORD '1922';
CREATE USER delta PASSWORD '6767';
CREATE USER beta PASSWORD '3426';

/* Create two new roles */
CREATE ROLE hr_manager;
CREATE ROLE hr_clerk;

/* Assign Privileges to roles or users */
GRANT ALL ON salaries TO ROLE hr_manager;
GRANT SELECT,DELETE ON salaries TO ROLE hr_clerk;
GRANT SELECT ON salaries TO USER beta;

/* Grant Roles to Users */
GRANT hr_manager TO alpha;
GRANT hr_clerk TO delta;

/* Revoke Privileges from either roles or users */
REVOKE DELETE ON salaries FROM ROLE hr_manager;
REVOKE DELETE ON salaries FROM alpha;
例2.: Revoke DBA system role from a user.
创建用户 alpha PASSWORD '1922';
GRANT system.dba TO alpha DEFAULT;
REVOKE system.dba FROM alpha;