REVOKE

Removes privileges on database objects from roles.

CAUTION: REVOKE does not automatically invalidate cached credentials and permissions. Permissions are invalidated the next time they are refreshed.

Synopsis

REVOKE privilege 
ON resource_name
FROM role_name

Table 1. Legend

Syntax conventions      Description
UPPERCASE               Literal keyword.
Lowercase               Not literal.
Italics                 Variable value. Replace with a user-defined value.
[]                      Optional. Square brackets ( [] ) surround optional command arguments. Do not type the square brackets.
( )                     Group. Parentheses ( ( ) ) identify a group to choose from. Do not type the parentheses.
|                       Or. A vertical bar ( | ) separates alternative elements. Type any one of the elements. Do not type the vertical bar.
...                     Repeatable. An ellipsis ( ... ) indicates that you can repeat the syntax element as often as required.
'Literal string'        Single quotation ( ' ) marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case.
{ key : value }         Map collection. Braces ( { } ) enclose map collections or key value pairs. A colon separates the key and the value.
<datatype1,datatype2>   Set, list, map, or tuple. Angle brackets ( < > ) enclose data types in a set, list, map, or tuple. Separate the data types with a comma.
cql_statement;          End CQL statement. A semicolon ( ; ) terminates all CQL statements.
[--]                    Separate the command line options from the command arguments with two hyphens ( -- ). This syntax is useful when arguments might be mistaken for command line options.

privilege

Permissions granted on a resource to a role; grant a privilege at any level of the resource hierarchy. The full set of available privileges is:

  • ALL PERMISSIONS
  • ALTER
  • AUTHORIZE
  • CREATE
  • DESCRIBE
  • DROP
  • EXECUTE
  • MODIFY
  • PROXY.EXECUTE
  • PROXY.LOGIN
  • SEARCH.ALTER
  • SEARCH.COMMIT
  • SEARCH.CREATE
  • SEARCH.DROP
  • SEARCH.REBUILD
  • SEARCH.RELOAD
  • SELECT

resource_name

The DataStax Distribution of Apache Cassandra™ database objects to which permissions are applied. Database resources have a modelled hierarchy. Grant permissions on a resource higher in the chain to automatically grant that same permission on all resources lower down.

Note: Not all privileges apply to every type of resource. For instance, EXECUTE is only relevant in the context of functions, MBeans, RPC, and authentication schemes. Attempting to grant a privilege on a resource to which it does not apply results in an error.

Example

The role manager can no longer perform SELECT queries on the cycling.name table.
REVOKE SELECT 
ON cycling.name 
FROM manager;
Exceptions: Because of inheritance, the user can perform SELECT queries on cycling.name if one of these conditions is met:
  • The user is a superuser.
  • The user has SELECT on ALL KEYSPACES permissions.
  • The user has SELECT on the cycling keyspace.
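
The exceptions above can be checked before relying on a REVOKE. The following is an added example, not DataStax code: a small Python model of the resource hierarchy (ALL KEYSPACES, keyspace, table) that lists the reasons a role can still read cycling.name after the table-level SELECT is revoked. The Role class, the resource strings, and the sample grants are constructed for illustration and do not reflect how the database stores permissions.

```python
from dataclasses import dataclass, field

ALL_KEYSPACES = "ALL KEYSPACES"


def resource_chain(table):
    """Return the table and every resource above it, lowest first."""
    keyspace, _, _name = table.partition(".")
    return [table, keyspace, ALL_KEYSPACES]


@dataclass
class Role:
    name: str
    superuser: bool = False
    # Constructed model: set of (privilege, resource) pairs held by the role.
    grants: set = field(default_factory=set)

    def revoke(self, privilege, resource):
        # Like REVOKE, this removes only the grant at the named resource.
        self.grants.discard((privilege, resource))


def remaining_access(role, privilege, table):
    """List the reasons `role` can still use `privilege` on `table`."""
    reasons = []
    if role.superuser:
        reasons.append("superuser")
    for resource in resource_chain(table):
        if (privilege, resource) in role.grants:
            reasons.append(f"{privilege} on {resource}")
    return reasons


def demo():
    # Constructed sample: manager holds SELECT on the table and on its keyspace.
    manager = Role("manager", grants={("SELECT", "cycling.name"),
                                      ("SELECT", "cycling")})
    manager.revoke("SELECT", "cycling.name")  # REVOKE SELECT ON cycling.name FROM manager;
    after_table_revoke = remaining_access(manager, "SELECT", "cycling.name")
    manager.revoke("SELECT", "cycling")       # keyspace-level grant removed as well
    after_keyspace_revoke = remaining_access(manager, "SELECT", "cycling.name")
    return after_table_revoke, after_keyspace_revoke


if __name__ == "__main__":
    print(demo())
```

An empty list from remaining_access means none of the three listed conditions still applies to the role in this model.
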
The role coach can no longer perform GRANT, ALTER or REVOKE commands on all roles:
REVOKE ALTER 
ON ALL ROLES 
FROM coach;