REVOKE (key)
Revokes privileges on a cryptographic key from a user or role.
Important
Because certificates depend on their underlying key, DROP privileges on a key effectively act as DROP privileges on its associated certificate when used with DROP KEY...CASCADE.To grant privileges on a key, see GRANT (key).
Syntax
REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] } ON KEY
key_name[,...]
FROM user[,...]
Parameters
-
`GRANT OPTION FOR`
Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.
privilege
A privilege, one of the following:
-
USAGE: Allows a user to perform the following actions:
-
View the contents of the key.
-
Create or sign certificates using the key.
USAGE on the key also gives implicit USAGE privileges on a certificate that uses it as its private key. Users can also get these privileges from ownership of the key or certificate. USAGE privileges on a certificate allow a user to perform the following actions:
-
View the contents of the certificate.
-
Add (with CREATE or ALTER) the certificate to a TLS Configuration.
-
Reuse the CA certificate when importing certificates signed by it. For example, if a user imports a chain of certificates
A > B > C
and have USAGE onB
, the database reusesB
(as opposed to creating a duplicate ofB
). -
Specify that the CA certificate signed an imported certificate. For example, if certificate
B
signed certificateC
, USAGE onB
allows a user to importC
and specify that it was SIGNED BYB
.
-
-
ALTER: Allows a user to see the key and its associated certificates in their respective system tables, but not their contents.
-
key_name
- The target key.
user
Specifies who is granted privileges, one of the following:
Privileges
Non-superuser:
-
Owner
-
Privileges grantee given the option (
WITH GRANT OPTION
) of granting privileges to other users or roles.
Examples
The following example revokes DROP privileges on a key (and, by extension, its associated certificate) from a user:
=> REVOKE USAGE ON KEY new_key FROM u1;
REVOKE PRIVILEGE