- Release Notes
- Get Started
- Clusters
- Cloud Settings
- Table Type
- Query Data Lakes
- Integration
- Query Acceleration
- Data Loading
- Concepts
- Batch load data from Amazon S3
- Batch load data from Azure cloud storage
- Load data from a local file system
- Load data from Confluent Cloud
- Load data from Amazon MSK
- Load data from Amazon Kinesis
- Data Unloading
- Data Backup
- Security
- Console Access Control
- Data Access Control
- Application keys
- Service accounts
- Use SSL connection
- Alarm
- Usage and Billing
- Organizations and Accounts
- Reference
- Amazon Web Services (AWS)
- Microsoft Azure
- SQL Reference
- Keywords
- ALL statements
- User Account Management
- Cluster Management
- ADMIN CANCEL REPAIR
- ADMIN CHECK TABLET
- ADMIN REPAIR
- ADMIN SET CONFIG
- ADMIN SET REPLICA STATUS
- ADMIN SHOW CONFIG
- ADMIN SHOW REPLICA DISTRIBUTION
- ADMIN SHOW REPLICA STATUS
- ALTER RESOURCE GROUP
- ALTER SYSTEM
- CANCEL DECOMMISSION
- CREATE FILE
- CREATE RESOURCE GROUP
- DROP FILE
- DROP RESOURCE GROUP
- EXPLAIN
- INSTALL PLUGIN
- SET
- SHOW BACKENDS
- SHOW BROKER
- SHOW COMPUTE NODES
- SHOW FRONTENDS
- SHOW FULL COLUMNS
- SHOW INDEX
- SHOW PLUGINS
- SHOW PROCESSLIST
- SHOW RESOURCE GROUP
- SHOW TABLE STATUS
- SHOW FILE
- SHOW VARIABLES
- UNINSTALL PLUGIN
- DDL
- ALTER DATABASE
- ALTER MATERIALIZED VIEW
- ALTER TABLE
- ALTER VIEW
- ANALYZE TABLE
- BACKUP
- CANCEL ALTER TABLE
- CANCEL BACKUP
- CANCEL RESTORE
- CREATE ANALYZE
- CREATE DATABASE
- CREATE EXTERNAL CATALOG
- CREATE INDEX
- CREATE MATERIALIZED VIEW
- CREATE REPOSITORY
- CREATE TABLE AS SELECT
- CREATE TABLE LIKE
- CREATE TABLE
- CREATE VIEW
- CREATE FUNCTION
- DROP ANALYZE
- DROP STATS
- DROP CATALOG
- DROP DATABASE
- DROP INDEX
- DROP MATERIALIZED VIEW
- DROP REPOSITORY
- DROP TABLE
- DROP VIEW
- DROP FUNCTION
- KILL ANALYZE
- RECOVER
- REFRESH EXTERNAL TABLE
- RESTORE
- SET CATALOG
- SHOW ANALYZE JOB
- SHOW ANALYZE STATUS
- SHOW META
- SHOW FUNCTION
- TRUNCATE TABLE
- USE
- DML
- ALTER LOAD
- ALTER ROUTINE LOAD
- BROKER LOAD
- CANCEL LOAD
- CANCEL EXPORT
- CANCEL REFRESH MATERIALIZED VIEW
- CREATE ROUTINE LOAD
- DELETE
- EXPORT
- GROUP BY
- INSERT
- PAUSE ROUTINE LOAD
- RESUME ROUTINE LOAD
- REFRESH MATERIALIZED VIEW
- SELECT
- SHOW ALTER
- SHOW ALTER MATERIALIZED VIEW
- SHOW BACKUP
- SHOW CATALOGS
- SHOW CREATE CATALOG
- SHOW CREATE MATERIALIZED VIEW
- SHOW CREATE TABLE
- SHOW CREATE VIEW
- SHOW DATA
- SHOW DATABASES
- SHOW DELETE
- SHOW DYNAMIC PARTITION TABLES
- SHOW EXPORT
- SHOW LOAD
- SHOW MATERIALIZED VIEW
- SHOW PARTITIONS
- SHOW REPOSITORIES
- SHOW RESTORE
- SHOW ROUTINE LOAD
- SHOW ROUTINE LOAD TASK
- SHOW SNAPSHOT
- SHOW TABLES
- SHOW TABLET
- SHOW TRANSACTION
- STOP ROUTINE LOAD
- STREAM LOAD
- SUBMIT TASK
- UPDATE
- Auxiliary Commands
- Data Types
- Keywords
- SQL Functions
- Function list
- Java UDFs
- Window functions
- Lambda expression
- Date Functions
- add_months
- adddate
- convert_tz
- current_date
- current_time
- current_timestamp
- date
- date_add
- date_diff
- date_format
- date_slice
- date_sub, subdate
- date_trunc
- datediff
- day
- dayofweek_iso
- dayname
- dayofmonth
- dayofweek
- dayofyear
- days_add
- days_diff
- days_sub
- from_days
- from_unixtime
- hour
- hours_add
- hours_diff
- hours_sub
- jodatime_format
- last_day
- makedate
- microseconds_add
- microseconds_sub
- minute
- minutes_add
- minutes_diff
- minutes_sub
- month
- monthname
- months_add
- months_diff
- months_sub
- next_day
- now
- previous_day
- quarter
- second
- seconds_add
- seconds_diff
- seconds_sub
- str_to_date
- str_to_jodatime
- str2date
- time_slice
- time_to_sec
- timediff
- timestamp
- timestampadd
- timestampdiff
- to_date
- to_days
- to_iso8601
- to_tera_date
- to_tera_timestamp
- unix_timestamp
- utc_timestamp
- week
- week_iso
- weekofyear
- weeks_add
- weeks_diff
- weeks_sub
- year
- years_add
- years_diff
- years_sub
- Aggregate Functions
- any_value
- approx_count_distinct
- array_agg
- avg
- bitmap
- bitmap_agg
- count
- count_if
- corr
- covar_pop
- covar_samp
- group_concat
- grouping
- grouping_id
- hll_empty
- hll_hash
- hll_raw_agg
- hll_union
- hll_union_agg
- max
- max_by
- min
- min_by
- multi_distinct_sum
- multi_distinct_count
- percentile_approx
- percentile_cont
- percentile_disc
- retention
- stddev
- stddev_samp
- sum
- variance, variance_pop, var_pop
- var_samp
- window_funnel
- Geographic Functions
- String Functions
- append_trailing_char_if_absent
- ascii
- char
- char_length
- character_length
- concat
- concat_ws
- ends_with
- find_in_set
- group_concat
- hex
- hex_decode_binary
- hex_decode_string
- instr
- lcase
- left
- length
- locate
- lower
- lpad
- ltrim
- money_format
- null_or_empty
- parse_url
- repeat
- replace
- reverse
- right
- rpad
- rtrim
- space
- split
- split_part
- substring_index
- starts_with
- strleft
- strright
- str_to_map
- substring
- trim
- ucase
- unhex
- upper
- url_decode
- url_encode
- Pattern Matching Functions
- JSON Functions
- Overview of JSON functions and operators
- JSON operators
- JSON constructor functions
- JSON query and processing functions
- Bit Functions
- Bitmap Functions
- Array Functions
- all_match
- any_match
- array_agg
- array_append
- array_avg
- array_concat
- array_contains
- array_contains_all
- array_cum_sum
- array_difference
- array_distinct
- array_filter
- array_generate
- array_intersect
- array_join
- array_length
- array_map
- array_max
- array_min
- array_position
- array_remove
- array_slice
- array_sort
- array_sortby
- array_sum
- arrays_overlap
- array_to_bitmap
- cardinality
- element_at
- reverse
- unnest
- Map Functions
- Binary Functions
- cast function
- hash function
- Cryptographic Functions
- Math Functions
- Pattern Matching Functions
- Percentile Functions
- Scalar Functions
- Struct Functions
- Table Functions
- Utility Functions
- AUTO_INCREMENT
- Generated columns
- System variables
- System limits
- Information Schema
- Overview
- be_bvars
- be_cloud_native_compactions
- be_compactions
- character_sets
- collations
- column_privileges
- columns
- engines
- events
- global_variables
- key_column_usage
- load_tracking_logs
- loads
- materialized_views
- partitions
- pipe_files
- pipes
- referential_constraints
- routines
- schema_privileges
- schemata
- session_variables
- statistics
- table_constraints
- table_privileges
- tables
- tables_config
- task_runs
- tasks
- triggers
- user_privileges
- views
- System Metadatabase
- API
- Overview
- Actions
- Clusters
- Create and Manage Clusters
- Query Clusters
- Identity and Access Management
- Organization and Account
- Usage and Billing
- Clusters
- Terraform Provider
- Run scripts
REVOKE
Description
Revokes specific privileges or roles from a user or a role. For the privileges supported by CelerData, see Privileges.
NOTE
Only the
user_admin
role can perform this operation.
Syntax
Revoke privileges
The privileges that can be revoked are object-specific. The following part describes syntax based on objects.
-- System
REVOKE
{ CREATE EXTERNAL CATALOG | REPOSITORY }
ON SYSTEM
FROM { ROLE | USER } {<role_name>|<username>}
-- User
REVOKE IMPERSONATE ON USER <username> FROM USER <username>;
-- Global UDF
REVOKE
{ USAGE | DROP | ALL [PRIVILEGES]}
ON { GLOBAL FUNCTION <function_name>(input_data_type) [, <function_name>(input_data_type),...]
| ALL GLOBAL FUNCTIONS }
FROM { ROLE | USER} {<role_name>|<username>}
-- Internal catalog
REVOKE
{ USAGE | CREATE DATABASE | ALL [PRIVILEGES]}
ON CATALOG default_catalog
FROM { ROLE | USER} {<role_name>|<username>}
-- External catalog
REVOKE
{ USAGE | DROP | ALL [PRIVILEGES] }
ON { CATALOG <catalog_name> [, <catalog_name>,...] | ALL CATALOGS}
FROM { ROLE | USER} {<role_name>|<username>}
-- Database
REVOKE
{ ALTER | DROP | CREATE TABLE | CREATE VIEW | CREATE FUNCTION | CREATE MATERIALIZED VIEW | ALL [PRIVILEGES] }
ON { DATABASE <database_name> [, <database_name>,...] | ALL DATABASES }
FROM { ROLE | USER} {<role_name>|<username>}
-- Note: You must first run SET CATALOG before you run this command.
-- Table
REVOKE
{ ALTER | DROP | SELECT | INSERT | EXPORT | UPDATE | DELETE | ALL [PRIVILEGES]}
ON { TABLE <table_name> [, < table_name >,...]
| ALL TABLES} IN
{ DATABASE <database_name> | ALL DATABASES }
FROM { ROLE | USER} {<role_name>|<username>}
-- You must first run SET CATALOG before you run this command.
-- You can also use db.tbl to represent a table.
REVOKE <priv> ON TABLE db.tbl FROM {ROLE <role_name> | USER <username>}
-- View
REVOKE
{ ALTER | DROP | SELECT | ALL [PRIVILEGES]}
ON { VIEW <view_name> [, < view_name >,...]
| ALL VIEWS} IN
{ DATABASE <database_name> | ALL DATABASES }
FROM { ROLE | USER} {<role_name>|<username>}
-- You must first run SET CATALOG before you run this command.
-- You can also use db.view to represent a view.
REVOKE <priv> ON VIEW db.view FROM {ROLE <role_name> | USER <username>}
-- Materialized view
REVOKE
{ SELECT | ALTER | REFRESH | DROP | ALL [PRIVILEGES]}
ON { MATERIALIZED VIEW <mv_name> [, < mv_name >,...]
| ALL MATERIALIZED VIEWS} IN
{ DATABASE <database_name> | ALL [DATABASES] }
FROM { ROLE | USER} {<role_name>|<username>}
-- You must first run SET CATALOG before you run this command.
-- You can also use db.mv to represent an mv.
REVOKE <priv> ON MATERIALIZED VIEW db.mv FROM {ROLE <role_name> | USER <username>}
-- Function
REVOKE
{ USAGE | DROP | ALL [PRIVILEGES]}
ON { FUNCTION <function_name>(input_data_type) [, < function_name >(input_data_type),...]
| ALL FUNCTIONS} IN
{ DATABASE <database_name> | ALL DATABASES }
FROM { ROLE | USER} {<role_name>|<username>}
-- You must first run SET CATALOG before you run this command.
-- You can also use db.function to represent a function.
REVOKE <priv> ON FUNCTION db.function FROM {ROLE <role_name> | USER <username>}
Revoke roles
REVOKE <role_name> [,<role_name>, ...] FROM ROLE <role_name>
REVOKE <role_name> [,<role_name>, ...] FROM USER <username>
Parameters
Parameter | Description |
---|---|
role_name | The role name. |
username | The username. |
function_name | The function name. |
catalog_name | The name of the External Catalog. |
database_name | The database name. |
table_name | The table name. |
view_name | The view name. |
mv_name | The name of the materialized view. |
Examples
Revoke privileges
Revoke the SELECT privilege on table sr_member
from user jack
:
REVOKE SELECT ON TABLE sr_member FROM USER 'jack';
Revoke roles
Revoke the role example_role
from user jack
:
REVOKE example_role FROM 'jack';
Revoke the role example_role
from role test_role
:
REVOKE example_role FROM ROLE 'test_role';