Example 1: Managing User Access with the REVOKE statement
SQL> attach 'filename DB$:ANSI_PERSONNEL';
SQL>
SQL> -- examine current privileges
SQL> show protection on database RDB$DBHANDLE;
Protection on Alias RDB$DBHANDLE
[DOC,DOC_WRITER]:
With Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,DROP,
DBCTRL,OPERATOR,DBADM,SECURITY,DISTRIBTRAN
Without Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,DROP,
DBCTRL,OPERATOR,DBADM,SECURITY,DISTRIBTRAN
[DOC,DOC_READER]:
With Grant Option: NONE
Without Grant Option: SELECT,CREATE
[*,*]:
With Grant Option: NONE
Without Grant Option: NONE
SQL>
SQL> -- revoke selected privileges
SQL> revoke CREATE on database alias RDB$DBHANDLE from DOC_READER;
SQL> revoke DISTRIBTRAN on database alias RDB$DBHANDLE from DOC_WRITER;
SQL> show protection on database RDB$DBHANDLE;
Protection on Alias RDB$DBHANDLE
[DOC,DOC_WRITER]:
With Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,DROP,
DBCTRL,OPERATOR,DBADM,SECURITY
Without Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,DROP,
DBCTRL,OPERATOR,DBADM,SECURITY
[DOC,DOC_READER]:
With Grant Option: NONE
Without Grant Option: SELECT
[*,*]:
With Grant Option: NONE
Without Grant Option: NONE
SQL>
SQL> -- prevent drop by revoking the privilege
SQL> revoke DROP on table * from DOC_READER;
SQL> commit;
Example 2: Revoking a privilege granted with the WITH GRANT
OPTION clause
When the privilege is revoked from the grantee, rdb_doc, who
received the privilege with the WITH GRANT OPTION clause,
the privilege is also revoked from all users who received the
privilege from that grantee.
SQL> SHOW PROTECTION ON TABLE EMPLOYEES;
[*,*]:
With Grant Option: NONE
Without Grant Option: SELECT
[SQL,WARRING]:
With Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,
DROP,DBCTRL,OPERATOR,DBADM,REFERENCES
Without Grant Option: SELECT,INSERT,UPDATE,DELETE,SHOW,CREATE,ALTER,
DROP,DBCTRL,DBADM,REFERENCES
[RDB,RDB_DOC]:
With Grant Option: SHOW
Without Grant Option: NONE
SQL>
SQL> REVOKE SHOW ON EMPLOYEES FROM [rdb,rdb_doc];
SQL> SHOW PROTECTION ON EMPLOYEES;
Protection on Table EMPLOYEES
[*,*]:
With Grant Option: NONE
Without Grant Option: SELECT
[RDB,RDB_DOC]:
With Grant Option: NONE
Without Grant Option: NONE
Example 3: Revoking column privileges
This example shows how to restrict privileges on a specific
column by revoking the UPDATE privilege that has been granted
for that column.
SQL> SHOW PROTECTION ON COLUMN EMPLOYEES.EMPLOYEE_ID;
[RDB,RDB_DOC]:
With Grant Option: NONE
Without Grant Option: UPDATE
SQL> REVOKE UPDATE ON COLUMN EMPLOYEES.EMPLOYEE_ID FROM [rdb,rdb_doc];
SQL> SHOW PROTECTION ON COLUMN EMPLOYEES.EMPLOYEE_ID;
[RDB,RDB_DOC]:
With Grant Option: NONE
Without Grant Option: NONE
Example 4: Revoking DROP Privilege from a Sequence for a User
This example shows the action of REVOKE for a SEQUENCE in an ANSI
style database.
SQL> create sequence EMPLOYEE_ID_GEN;
SQL> grant select on sequence EMPLOYEE_ID_GEN to public;
SQL> grant all privileges on sequence EMPLOYEE_ID_GEN to stuart;
SQL> show protection on sequence EMPLOYEE_ID_GEN;
Protection on Sequence EMPLOYEE_ID_GEN
[DOCS,STUART]:
With Grant Option: NONE
Without Grant Option: SELECT,SHOW,ALTER,DROP,DBCTRL,REFERENCES
[DOCS,FREEMAN]:
With Grant Option: SELECT,SHOW,ALTER,DROP,DBCTRL,REFERENCES
Without Grant Option: NONE
[*,*]:
With Grant Option: NONE
Without Grant Option: SELECT
SQL> revoke drop on sequence EMPLOYEE_ID_GEN from stuart;
SQL> show protection on sequence EMPLOYEE_ID_GEN;
Protection on Sequence EMPLOYEE_ID_GEN
[DOCS,STUART]:
With Grant Option: NONE
Without Grant Option: SELECT,SHOW,ALTER,DBCTRL,REFERENCES
[DOCS,FREEMAN]:
With Grant Option: SELECT,SHOW,ALTER,DROP,DBCTRL,REFERENCES
Without Grant Option: NONE
[*,*]:
With Grant Option: NONE
Without Grant Option: SELECT
SQL>