SQL - REVOKE
The Revoke command change the permission of a role revoking the access to one or more resources.
Syntax
REVOKE <permission> ON <resource> FROM <role>
Where:
- permission can be:
- NONE, no permission
- CREATE, to create the indicated resource
- READ, to read the indicated resource
- UPDATE, to update the indicated resource
- DELETE, to delete the indicated resource
- ALL, all permissions
- resource, the target resource where to change the permissions
- database, as the access to the whole database
- database.class, as the access to the records contained in a class. Use
*
to indicate all the classes
- database.cluster, as the access to the records contained in a cluster. Use
*
to indicate all the clusters
- database.query, as the ability to execute query (READ is enought)
- database.command, as the ability to execute SQL commands. CREATE is for SQL-Insert, READ is for SQL SELECT, UPDATE for SQL-Update and DELETE is for SQL-Delete
- database.config, as the ability to access to the configuration. Valid permissions are READ and UPDATE
- database.hook.record, as the ability to set hooks
- server.admin, as the ability to access to the server resources
- role, the role name
Examples
Revoke the permission to delete any records in any cluster to the role "backoffice".
REVOKE delete ON database.cluster.* TO backoffice
To know more about other SQL commands look at SQL commands.