revoke
Syntax
revoke(userId|groupId,accessType,[objs])
Arguments
userId | groupId is a string indicating a user name or a group name.
accessType is the type of privilege.
objs is a string scalar/vector indicating the objects that the priviledges specified by accessType applies to.
See the privilege table in UserAccessControl for the values that accessType and objs can take.
Details
-
Revokes specified access privileges to a user or a group of users that were previously granted or denied.
-
Removes the memory limit that was previously set for a specific user. It includes the memory limit of a query result (when accessType = QUERY_RESULT_MEM_LIMIT) and the memory limit of a task group (when accessType = TASK_GROUP_MEM_LIMIT). The memory limit will be reverted to the default memory limit configured in the system.
Administrators can grant users all privileges (accessType) through this command, but regular users, after having the relevant OWNER privileges, can only grant the following privileges through this command: TABLE_READ, TABLE_WRITE, TABLE_INSERT, TABLE_UPDATE, TABLE_DELETE, DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, DB_DELETE, DBOBJ_DELETE, DBOBJ_CREATE and VIEW_EXEC.
Examples
Revoke the privilege of the members of the group "production" to read all tables in all databases:
revoke(`production, TABLE_READ, "*")
Revoke the denial of the privilege of the members of the group "research" to write to the table dfs://db1/t1:
revoke(`research, TABLE_WRITE, "dfs://db1/t1")
Revoke the privilege of the members of the group "research" to create tables in the databases dfs://db1 and dfs://db2:
revoke("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])
Revoke the denial of the privilege of the user "AlexSmith" to create or delete databases:
revoke("AlexSmith", DB_MANAGE)
Revoke the privilege of the user "AlexSmith" to execute script:
revoke("AlexSmith", SCRIPT_EXEC)
Revoke the denial of the privilege of the user "AlexSmith" to test script:
revoke("AlexSmith", TEST_EXEC)