/usr/man/cat.l/revoke.l.Z(/usr/man/cat.l/revoke.l.Z)
NAME
REVOKE - remove access privileges
SYNOPSIS
REVOKE [ GRANT OPTION FOR ]
{ { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
[,...] | ALL [ PRIVILEGES ] }
ON [ TABLE ] tablename [, ...]
FROM { username | GROUP groupname | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
ON DATABASE dbname [, ...]
FROM { username | GROUP groupname | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ EXECUTE | ALL [ PRIVILEGES ] }
ON FUNCTION funcname ([type, ...]) [, ...]
FROM { username | GROUP groupname | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ USAGE | ALL [ PRIVILEGES ] }
ON LANGUAGE langname [, ...]
FROM { username | GROUP groupname | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
ON SCHEMA schemaname [, ...]
FROM { username | GROUP groupname | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
DESCRIPTION
The REVOKE command revokes previously granted privileges from one or
more users or groups of users. The key word PUBLIC refers to the
implicitly defined group of all users.
See the description of the GRANT [grant(l)] command for the meaning of
the privilege types.
Note that any particular user will have the sum of privileges granted
directly to him, privileges granted to any group he is presently a mem-
ber of, and privileges granted to PUBLIC. Thus, for example, revoking
SELECT privilege from PUBLIC does not necessarily mean that all users
have lost SELECT privilege on the object: those who have it granted
directly or via a group will still have it.
If GRANT OPTION FOR is specified, only the grant option for the privi-
lege is revoked, not the privilege itself.
If a user holds a privilege with grant option and has granted it to
other users then the privileges held by those other users are called
dependent privileges. If the privilege or the grant option held by the
first user is being revoked and dependent privileges exist, those
dependent privileges are also revoked if CASCADE is specified, else the
revoke action will fail. This recursive revocation only affects privi-
leges that were granted through a chain of users that is traceable to
the user that is the subject of this REVOKE command. Thus, the
affected users may effectively keep the privilege if it was also
granted through other users.
NOTES
Use psql(1)'s \z command to display the privileges granted on existing
objects. See also GRANT [grant(l)] for information about the format.
A user can only revoke privileges that were granted directly by that
user. If, for example, user A has granted a privilege with grant option
to user B, and user B has in turned granted it to user C, then user A
cannot revoke the privilege directly from C. Instead, user A could
revoke the grant option from user B and use the CASCADE option so that
the privilege is automatically revoked from user C.
If a superuser chooses to issue a GRANT or REVOKE command, the command
is performed as though it were issued by the owner of the affected
object. Since all privileges ultimately come from the object owner
(possibly indirectly via chains of grant options), it is possible for a
superuser to revoke all privileges, but this may require use of CASCADE
as stated above.
EXAMPLES
Revoke insert privilege for the public on table films:
REVOKE INSERT ON films FROM PUBLIC;
Revoke all privileges from user manuel on view kinds:
REVOKE ALL PRIVILEGES ON kinds FROM manuel;
COMPATIBILITY
The compatibility notes of the GRANT [grant(l)] command apply analo-
gously to REVOKE. The syntax summary is:
REVOKE [ GRANT OPTION FOR ] privileges
ON object [ ( column [, ...] ) ]
FROM { PUBLIC | username [, ...] }
{ RESTRICT | CASCADE }
One of RESTRICT or CASCADE is required according to the standard, but
PostgreSQL assumes RESTRICT by default.
SEE ALSO
GRANT [grant(l)]
SQL - Language Statements 2003-11-02 REVOKE(l)
Man(1) output converted with
man2html