OrientDB Manual 1.7.8

Console - REVOKE

The SQL Revoke command changes the permission of a role revoking the access to one or more resources.

Syntax

REVOKE <permission> ON <resource> FROM <role>

Where:

  • permission can be:
  • NONE, no permission
  • CREATE, to create the indicated resource
  • READ, to read the indicated resource
  • UPDATE, to update the indicated resource
  • DELETE, to delete the indicated resource
  • ALL, all permissions
  • resource, the target resource where to change the permissions
  • database, as the access to the whole database
  • database.class, as the access to the records contained in a class. Use ** to indicate all the classes
  • database.cluster, as the access to the records contained in a cluster. Use ** to indicate all the clusters
  • database.query, as the ability to execute query (READ is enought)
  • database.command, as the ability to execute SQL commands. CREATE is for SQL-Insert, READ is for SQL SELECT, UPDATE for SQL-Update and DELETE is for SQL-Delete
  • database.config, as the ability to access to the configuration. Valid permissions are READ and UPDATE
  • database.hook.record, as the ability to set hooks
  • server.admin, as the ability to access to the server resources
  • role, the role name

Examples

Revoke the permission to delete any records in any cluster to the role "backoffice".

REVOKE delete ON database.cluster.* TO backoffice

To know more about other SQL commands look at SQL commands.

This is a command of the Orient console. To know all the commands go to Console-Commands.