REVOKE
Removes privileges on database objects from roles.
Removes privileges on database objects from a role.
CAUTION:
REVOKE does not automatically invalidate cached credentials and permissions. Permissions
are invalidated the next time they are refreshed. Synopsis
REVOKE privilege ON resource_name FROM role_name ;
| Syntax conventions | Description |
|---|---|
| UPPERCASE | Literal keyword. |
| Lowercase | Not literal. |
Italics |
Variable value. Replace with a user-defined value. |
[] |
Optional. Square brackets ( [] ) surround
optional command arguments. Do not type the square brackets. |
( ) |
Group. Parentheses ( ( ) ) identify a group to
choose from. Do not type the parentheses. |
| |
Or. A vertical bar ( | ) separates alternative
elements. Type any one of the elements. Do not type the vertical
bar. |
... |
Repeatable. An ellipsis ( ... ) indicates that
you can repeat the syntax element as often as required. |
'Literal string' |
Single quotation ( ' ) marks must surround
literal strings in CQL statements. Use single quotation marks to
preserve upper case. |
{ key : value
} |
Map collection. Braces ( { } ) enclose map
collections or key value pairs. A colon separates the key and the
value. |
<datatype1,datatype2> |
Set, list, map, or tuple. Angle brackets ( <
> ) enclose data types in a set, list, map, or tuple.
Separate the data types with a comma. |
cql_statement; |
End CQL statement. A semicolon ( ; ) terminates
all CQL statements. |
[--] |
Separate the command line options from the command arguments with
two hyphens ( -- ). This syntax is useful when
arguments might be mistaken for command line options. |
' <schema> ... </schema>
' |
Search CQL only: Single quotation marks ( ' )
surround an entire XML schema declaration. |
@xml_entity='xml_entity_type' |
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files. |
- privilege
-
Permissions granted on a resource to a role; grant a privilege at any level of the resource hierarchy. The full set of available privileges is:
- ALL PERMISSIONS
- ALTER
- AUTHORIZE
- CREATE
- DESCRIBE
- DROP
- EXECUTE
- MODIFY
- PROXY.EXECUTE
- PROXY.LOGIN
- SEARCH.ALTER
- SEARCH.COMMIT
- SEARCH.CREATE
- SEARCH.DROP
- SEARCH.REBUILD
- SEARCH.RELOAD
- SELECT
- resource_name
-
The DataStax Distribution of Apache Cassandra™ database objects to which permissions are applied. Database resources have modelled hierarchy. Grant permissions on a resource higher in the chain to automatically grant that same permission on all resources lower down.
Note: Not all privileges apply to every type of resource. For instance,EXECUTEis only relevant in the context of functions, MBeans, RPC, and authentication schemes. Attempting to grant privileges on a resource that the permission is not applicable results in an error.
Example
The role manager can no longer perform
SELECT queries
on the cycling.name table.
REVOKE SELECT ON cycling.name FROM manager;Exceptions: Because of inheritance, the user can perform
SELECT queries on
cycling.name if one of these conditions is met:- The user is a superuser.
- The user has
SELECTonALL KEYSPACESpermissions. - The user has
SELECTon the cycling keyspace.
The role coach can no longer perform
GRANT,
ALTER or REVOKE commands on all
roles:REVOKE ALTER ON ALL ROLES FROM coach;