REVOKE
Description
You can use the REVOKE statement to revoke specific privileges from a user or a role.
Syntax
Revoke specific privileges on a database and a table from a user or a role. The role from which you want to revoke privileges must already exist.
REVOKE privilege_list ON db_name[.tbl_name] FROM {user_identity | ROLE 'role_name'};
Revoke specific privileges on a resource from a user or a role. The role from which you want to revoke privileges must already exist.
REVOKE privilege_list ON RESOURCE 'resource_name' FROM {user_identity | ROLE 'role_name'};
Parameters
privilege_list
The privileges that can be revoked. If you want to revoke multiple privileges at a time, separate the privileges with commas (,). The following privileges are supported:
NODE_PRIV: the privilege to manage cluster nodes such as enabling nodes and disabling nodes.
ADMIN_PRIV: all privileges except NODE_PRIV.
GRANT_PRIV: the privilege of performing operations such as creating users and roles, deleting users and roles, granting privileges, revoking privileges, and setting passwords for accounts.
SELECT_PRIV: the read privilege on databases and tables.
LOAD_PRIV: the privilege to load data into databases and tables.
ALTER_PRIV: the privilege to change schemas of databases and tables.
CREATE_PRIV: the privilege to create databases and tables.
DROP_PRIV: the privilege to delete databases and tables.
USAGE_PRIV: the privilege to use resources.
db_name[.tbl_name]
The database and table. This parameter supports the following three formats:
*.*: indicates all databases and tables.
db.*: indicates a specific database and all tables in this database.
db.tbl: indicates a specific table in a specific database.
Note: When you use the db.* or db.tbl format, you can specify a database or a table that does not exist.
resource_name
The resource name. This parameter supports the following two formats:
*: indicates all the resources.
resource: indicates a specific resource.
Note: When you use the resource format, you can specify a resource that does not exist.
user_identity
This parameter contains two parts: user_name and host. user_name indicates the user name. host indicates the IP address of the user. You can leave host unspecified or you can specify a domain for host. If you leave host unspecified, host defaults to %, which means the user can access StarRocks from any host. If you specify a domain for host, it may take one minute for the privilege to take effect. The user identity must already have been created with the CREATE USER statement.
role_name
The role name.
Examples
Example 1: Revoke the read privilege on db1 and all tables in this database from user jack.
REVOKE SELECT_PRIV ON db1.* FROM 'jack'@'192.%';
Example 2: Revoke the privilege to use spark_resource from user jack.
REVOKE USAGE_PRIV ON RESOURCE 'spark_resource' FROM 'jack'@'192.%';
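The two syntax forms above can be generated from a least-privilege policy. The following Python sketch is an added example, not part of the StarRocks documentation: it compares the privileges a grantee currently holds with the privileges a policy allows and emits one REVOKE statement per grantee and target for the excess. The tuple layout for grantees and targets, the function names and the strict name patterns are assumptions of this example; the current grants are supplied by the caller.

```python
import re

# Privilege names as listed on this page.
PRIVS = {"NODE_PRIV", "ADMIN_PRIV", "GRANT_PRIV", "SELECT_PRIV", "LOAD_PRIV",
         "ALTER_PRIV", "CREATE_PRIV", "DROP_PRIV", "USAGE_PRIV"}
# Conservative patterns (an assumption of this example, stricter than the
# server) so that no quote or semicolon can reach a generated statement.
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
HOST = re.compile(r"[A-Za-z0-9_.%-]+")
SCOPE = re.compile(r"\*\.\*|[A-Za-z_][A-Za-z0-9_]*\.(\*|[A-Za-z_][A-Za-z0-9_]*)")

def _check(pattern, value):
    if not pattern.fullmatch(value):
        raise ValueError(f"unsafe or malformed value: {value!r}")
    return value

def grantee_sql(grantee):
    """('user', name[, host]) -> 'name'@'host'; ('role', name) -> ROLE 'name'."""
    if grantee[0] == "role":
        return f"ROLE '{_check(NAME, grantee[1])}'"
    host = grantee[2] if len(grantee) > 2 else "%"  # host defaults to %
    return f"'{_check(NAME, grantee[1])}'@'{_check(HOST, host)}'"

def target_sql(target):
    """('scope', 'db1.*') -> db1.*; ('resource', 'r') -> RESOURCE 'r'."""
    if target[0] == "resource":
        # Named resources only; the * (all resources) form is not generated.
        return f"RESOURCE '{_check(NAME, target[1])}'"
    return _check(SCOPE, target[1])

def revoke_excess(current, allowed):
    """Both arguments map (grantee, target) -> set of privilege names.
    Returns REVOKE statements for privileges held but not allowed."""
    statements = []
    for key in sorted(current):
        grantee, target = key
        unknown = current[key] - PRIVS
        if unknown:
            raise ValueError(f"unknown privileges: {sorted(unknown)}")
        excess = sorted(current[key] - allowed.get(key, set()))
        if excess:
            statements.append(f"REVOKE {', '.join(excess)} ON {target_sql(target)} "
                              f"FROM {grantee_sql(grantee)};")
    return statements

if __name__ == "__main__":
    # Constructed sample: jack holds three privileges on db1.*, policy allows one.
    jack, db1 = ("user", "jack", "192.%"), ("scope", "db1.*")
    current = {(jack, db1): {"SELECT_PRIV", "LOAD_PRIV", "DROP_PRIV"}}
    print("\n".join(revoke_excess(current, {(jack, db1): {"SELECT_PRIV"}})))
```

Review the generated statements before running them; a grantee or target missing from the policy has every privilege it holds revoked.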