REVOKE statements

• 1: REVOKE (authentication)
• 2: REVOKE (data loader)
• 3: REVOKE (database)
• 4: REVOKE (key)
• 5: REVOKE (library)
• 6: REVOKE (model)
• 7: REVOKE (procedure)
• 8: REVOKE (Resource pool)
• 9: REVOKE (Role)
• 10: REVOKE (schema)
• 11: REVOKE (sequence)
• 12: REVOKE (storage location)
• 13: REVOKE (table)
• 14: REVOKE (TLS configuration)
• 15: REVOKE (user defined extension)
• 16: REVOKE (view)
• 17: REVOKE (workload)

1 - REVOKE (authentication)

Revokes privileges on an authentication method from users and roles.

Syntax

REVOKE AUTHENTICATION auth-method-name FROM grantee[,...]

Parameters

auth-method-name

Name of the target authentication method.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

Privileges

Superuser

Examples

• Revoke v_ldap authentication from user jsmith:

  => REVOKE AUTHENTICATION v_ldap FROM jsmith;
  

• Revoke v_gss authentication from the role DBprogrammer:

  => REVOKE AUTHENTICATION v_gss FROM DBprogrammer;
  

• Revoke localpwd as the default client authentication method:

  => REVOKE AUTHENTICATION localpwd FROM PUBLIC;
  

See also

• ALTER AUTHENTICATION
• CREATE AUTHENTICATION
• DROP AUTHENTICATION
• GRANT (authentication)

2 - REVOKE (data loader)

Revokes privileges on automatic data loaders from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON DATA LOADER [schema.]name
   FROM grantee[,...]
   [ CASCADE ]

Arguments

privilege

One of the following privileges:

• EXECUTE
• ALTER
• DROP

ALL [PRIVILEGES]

Revokes all privileges.

schema

Schema containing the data loader. The default schema is public.

name

Name of the data loader.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

See also

• GRANT (data loader)
• Granting and revoking privileges

3 - REVOKE (database)

Revokes database privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON DATABASE db-spec
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

The database privilege to revoke, one of the following:

• CREATE: Create schemas.

• TEMP: Create temporary tables.

ALL [PRIVILEGES]

Revokes all database privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES is supported to comply with the SQL standard.

ON DATABASE db-spec

Specifies the current database, set to the database name or DEFAULT.

*`grantee`*

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Fred's privilege to create schemas in the current database:

=> REVOKE CREATE ON DATABASE DEFAULT FROM Fred;

Revoke user Fred's privilege to create temporary tables in the current database:

=> REVOKE TEMP ON DATABASE DEFAULT FROM Fred;

See also

• GRANT (database)
• Granting and revoking privileges

4 - REVOKE (key)

Revokes privileges on a cryptographic key from a user or role.

To grant privileges on a key, see GRANT (key).

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] } ON KEY
    key_name[,...]
    FROM user[,...]

Parameters

`GRANT OPTION FOR`

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

A privilege, one of the following:

• USAGE: Allows a user to perform the following actions:

  • View the contents of the key.

  • Create or sign certificates using the key.

  USAGE on the key also gives implicit USAGE privileges on a certificate that uses it as its private key. Users can also get these privileges from ownership of the key or certificate. USAGE privileges on a certificate allow a user to perform the following actions:

  • View the contents of the certificate.

  • Add (with CREATE or ALTER) the certificate to a TLS Configuration.

  • Reuse the CA certificate when importing certificates signed by it. For example, if a user imports a chain of certificates A > B > C and have USAGE on B, the database reuses B (as opposed to creating a duplicate of B).

  • Specify that the CA certificate signed an imported certificate. For example, if certificate B signed certificate C, USAGE on B allows a user to import C and specify that it was SIGNED BY B.

• DROP

• ALTER: Allows a user to see the key and its associated certificates in their respective system tables, but not their contents.

key_name

The target key.

user

Who is granted privileges, one of the following:

• user-name
• role

• PUBLIC: Default role of all users

Privileges

Non-superuser:

• Owner

• Privileges grantee given the option (WITH GRANT OPTION) of granting privileges to other users or roles.

Examples

The following example revokes DROP privileges on a key (and, by extension, its associated certificate) from a user:

=> REVOKE USAGE ON KEY new_key FROM u1;
REVOKE PRIVILEGE

5 - REVOKE (library)

Revokes library privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { USAGE | ALL [ PRIVILEGES ] }
   ON LIBRARY [[database.]schema.]library[,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

USAGE

Revokes access to the specified libraries.

Important

Privileges on functions in these libraries must be separately revoked.

ALL [PRIVILEGES]

Revokes all library privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack. The optional keyword PRIVILEGES conforms with the SQL standard.

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

library

The target library.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Examples

These commands show how to create a new library, and then grant and revoke user Fred's USAGE privilege on that library.

=> CREATE LIBRARY MyFunctions AS 'home/dbadmin/my_functions.so';
=> GRANT USAGE ON LIBRARY MyFunctions TO Fred;
=> REVOKE USAGE ON LIBRARY MyFunctions FROM Fred;

See also

• GRANT (library)
• Granting and revoking privileges

6 - REVOKE (model)

Revokes model privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON MODEL [[database.]schema.]model-name [,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

USAGE

One of the following privileges:

• USAGE: Usage of the specified models

• ALTER

• DROP

ALL [PRIVILEGES]

Revokes all model privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

model-name

Name of the target model.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Fred's USAGE privilege on model mySvmClassModel:

=> REVOKE USAGE ON mySvmClassModel FROM Fred;

See also

• GRANT (model)
• Managing model security

7 - REVOKE (procedure)

Revokes procedure privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL PRIVILEGES }
   ON PROCEDURE [[database.]schema.]procedure( [argument-list] )[,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

EXECUTE

Revokes grantees ability to run the specified procedures.

ALL [PRIVILEGES]

Revokes all procedure privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

procedure

The target procedure.

argument-list

A comma-delimited list of procedure arguments, where each argument is specified as follows:

[argname] argtype

If the procedure is defined with no arguments, supply an empty argument list.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

This example revokes user Bob's execute privilege on the tokenize procedure.

=> REVOKE EXECUTE ON PROCEDURE tokenize(varchar) FROM Bob;

See also

• GRANT (procedure)
• Granting and revoking privileges

8 - REVOKE (Resource pool)

Revokes resource pool access privileges from users and roles.

Vertica checks resource pool privileges at runtime. Revoking a user's privileges for a resource pool can have an immediate effect on the user's current session. For example, a user query might require USAGE privileges on a resource pool. If you revoke those privileges from that user, subsequent attempts by the user to execute that query fail and return with an error message.

Syntax

REVOKE  [ GRANT OPTION FOR ] { USAGE | ALL PRIVILEGES }
   ON RESOURCE POOL resource-pool[,...]
   [FOR SUBCLUSTER subcluster | FOR CURRENT SUBCLUSTER]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

USAGE

Revokes grantee's access to the specified resource pool.

ALL PRIVILEGES

Revokes all resource pool privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

resource-pool

The target resource pool.

subcluster

The subcluster for the resource pool.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Joe's USAGE privileges on resource pool Joe_pool.

=> REVOKE USAGE ON RESOURCE POOL Joe_pool FROM Joe;
REVOKE PRIVILEGE

Revoke user Joe's USAGE privileges on resource pool Joe_pool for subcluster sub1.

=> REVOKE USAGE ON RESOURCE POOL Joe_pool FOR SUBCLUSTER sub1 FROM Joe;
REVOKE PRIVILEGE

See also

• GRANT (Resource pool)
• Granting and revoking privileges

9 - REVOKE (Role)

Revokes a role from users and roles.

Syntax

REVOKE [ ADMIN OPTION FOR ] role[,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

ADMIN OPTION FOR

Revokes from the grantees the authority to assign the specified roles to other users or roles. Current roles for grantees remain unaffected. If you omit this clause, Vertica revokes role assignment privileges and the current roles .

role

Role to revoke.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

One of the following:

• Superuser

• Privileges grantee who was given the option (WITH ADMIN OPTION) of extending these privileges to other users

Examples

This example shows the revocation of the pseudosuperuser role from the dbadmin user:

=> REVOKE pseudosuperuser from dbadmin;

This example shows the revocation of administration access from the dbadmin user for the pseudosuperuser role. The ADMIN OPTION command does not remove the pseudosuperuser role.

=> REVOKE ADMIN OPTION FOR pseudosuperuser FROM dbadmin;

Notes

If the role you are trying to revoke was not already granted to the user, Vertica returns a NOTICE:

=> REVOKE commentor FROM Sue;
NOTICE 2022:  Role "commentor" was not already granted to user "Sue"
REVOKE ROLE

See also

• GRANT (Role)
• Granting and revoking privileges

10 - REVOKE (schema)

Revokes schema privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON SCHEMA [{namespace. | database. }]schema[,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

The schema privilege to revoke, one of the following:

• USAGE: Access objects in the specified schemas.

• CREATE: Create objects in the specified schemas.

You can also revoke privileges from tables and views that they inherited on creation from this schema. When you revoke inherited privileges at the schema level, Vertica automatically applies the revocation to all tables and views that inherited these privileges.

• SELECT: Query tables and views. SELECT privileges are granted by default to the PUBLIC role.

• INSERT: Insert rows, or and load data into tables with COPY.

  Note

  COPY FROM STDIN is allowed for users with INSERT privileges, while COPY FROM file requires admin privileges.

• UPDATE: Update table rows.

• DELETE: Delete table rows.

• REFERENCES: Create foreign key constraints on this table. This privilege must be set on both referencing and referenced tables.

• TRUNCATE: Truncate table contents. Non-owners of tables can also execute the following partition operations on them:

  • DROP_PARTITIONS
  • SWAP_PARTITIONS_BETWEEN_TABLES
  • MOVE_PARTITIONS_TO_TABLE

• ALTER: Modify the DDL of tables and views with ALTER TABLE and ALTER VIEW, respectively.

• DROP: Drop tables and views.

ALL [PRIVILEGES]

Revokes USAGE AND CREATE privileges. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

Important

Inherited privileges must be explicitly revoked.

{ namespace. | database. }

Name of the database or namespace that contains schema:

• Database name: If specified, it must be the current database. In Eon Mode databases, the database name is valid only if the object is in the default namespace.
• Namespace name (Eon Mode only): You must specify the namespace of objects in non-default namespaces. If no namespace is provided, Vertica assumes the object is in the default namespace.

You cannot specify both a database and namespace name.

schema

Name of the schema, by default public.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Joe's USAGE privilege on schema online_sales.

=> REVOKE USAGE ON SCHEMA online_sales FROM Joe;
REVOKE PRIVILEGE

See also

• GRANT (schema)
• Granting and revoking privileges

11 - REVOKE (sequence)

Revokes sequence privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON {
     SEQUENCE [[database.]schema.]sequence[,...]
     | ALL SEQUENCES IN SCHEMA [database.]schema[,...] }
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

One of the following privileges:

• SELECT: Execute functions CURRVAL and NEXTVAL on the specified sequences.

• ALTER: Modify a sequence's DDL with ALTER SEQUENCE

• DROP: Drop this sequence with DROP SEQUENCE.

ALL [PRIVILEGES]

Revokes all sequence privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES is supported to comply with the SQL standard.

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

SEQUENCE sequence

Specifies the sequence on which to revoke privileges.

ALL SEQUENCES IN SCHEMA schema

Revokes the specified privileges on all sequences in schema schema.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Joe's privileges on sequence my_seq.

=> REVOKE ALL PRIVILEGES ON SEQUENCE my_seq FROM Joe;
REVOKE PRIVILEGE

See also

• GRANT (sequence)
• Granting and revoking privileges

12 - REVOKE (storage location)

Revokes privileges on a USER-defined storage location from users and roles. For more information, see Creating storage locations.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON LOCATION 'path' [ ON node ]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

One of the following privileges:

• READ: Copy data from files in the storage location into a table.

• WRITE: Export data from the database to the storage location. With WRITE privileges, grantees can also save COPY statement rejected data and exceptions files to the storage location.

ALL [PRIVILEGES]

Revokes all storage location privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES is supported to comply with the SQL standard.

ON LOCATION 'path' [ ON node ]

Specifies the path name mount point of the storage location. If qualified by ON NODE, Vertica revokes access to the storage location residing on node.

If no node is specified, the revoke operation applies to all nodes on the specified path. All nodes must be on the specified path; otherwise, the entire revoke operation rolls back.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

See GRANT (storage location).

See also

13 - REVOKE (table)

Revokes table privileges from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON {
     [ TABLE ] [[{namespace. | database. }]schema.]table[,...]
     | ALL TABLES IN SCHEMA [database.]schema[,...] }
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

One of the following privileges:

• SELECT: Query tables. SELECT privileges are granted by default to the PUBLIC role.

• INSERT: Insert table rows with INSERT, and load data with COPY.

  Note

  COPY FROM STDIN is allowed for users with INSERT privileges, while COPY FROM file requires admin privileges.

• UPDATE: Update table rows.

• DELETE: Delete table rows.

• REFERENCES: Create foreign key constraints on this table. This privilege must be set on both referencing and referenced tables.

• TRUNCATE: Truncate table contents. Non-owners of tables can also execute the following partition operations on them:

  • DROP_PARTITIONS
  • SWAP_PARTITIONS_BETWEEN_TABLES
  • MOVE_PARTITIONS_TO_TABLE

• ALTER: Modify a table's DDL with ALTER TABLE.

• DROP: Drop a table.

ALL [PRIVILEGES]

Revokes all table privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES is supported to comply with the SQL standard.

{ namespace. | database. }

Name of the database or namespace that contains table:

• Database name: If specified, it must be the current database. In Eon Mode databases, the database name is valid only if the object is in the default namespace.
• Namespace name (Eon Mode only): You must specify the namespace of objects in non-default namespaces. If no namespace is provided, Vertica assumes the object is in the default namespace.

You cannot specify both a database and namespace name.

schema

Name of the schema, by default public. If you specify the namespace or database name, you must provide the schema name, even if the schema is public.

TABLE table

Specifies the table on which to revoke privileges.

ON ALL TABLES IN SCHEMA schema

Revokes the specified privileges on all tables and views in schema schema.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Ownership

• GRANT OPTION on the object

Examples

Revoke user Joe's privileges on table customer_dimension.

=> REVOKE ALL PRIVILEGES ON TABLE customer_dimension FROM Joe;
REVOKE PRIVILEGE

See also

• GRANT (table)
• Granting and revoking privileges

14 - REVOKE (TLS configuration)

Revokes privileges granted on one or more TLS Configurations from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ]
    { ALL | [ privilege[,...] ]}
    ON TLS CONFIGURATION tls_configuration[,...]
    FROM grantee [,...]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

A privilege, one of the following:

• USAGE: Allows the user to set the TLS Configuration for a type of connection and view its contents in the system table TLS_CONFIGURATIONS. For details, see Security parameters.

• DROP

• ALTER

tls_configuration

The TLS Configuration on which to revoke privileges.

grantee

Who is granted privileges, one of the following:

• user-name
• role

• PUBLIC: Default role of all users

Privileges

Non-superusers require USAGE on the schema and one of the following:

• Owner

• Privileges grantee given the option (WITH GRANT OPTION) of granting privileges to other users or roles.

Examples

To revoke ALTER privileges on the TLS Configuration server from the role client_server_tls_manager:

=> REVOKE ALTER ON TLS CONFIGURATION server FROM client_server_tls_manager;

15 - REVOKE (user defined extension)

Revokes privileges on one or more user-defined extensions from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL PRIVILEGES }
   ON {
       UDx-type [[database.]schema.]function-name( [argument-list] )[,...]
       | ALL FUNCTIONS IN SCHEMA schema[,...] }
   FROM grantee[,...]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

EXECUTE

Revokes grantees ability to run the specified functions.

ALL [PRIVILEGES]

Revokes all function privileges that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

ON UDx-type

Specifies the function's user-defined extension (UDx) type, where UDx-type is one of the following:

• FUNCTION

• AGGREGATE FUNCTION

• ANALYTIC FUNCTION

• TRANSFORM FUNCTION

• FILTER

• PARSER

• SOURCE

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

function-name

The name of the user-defined function on which to revoke privileges.

ON ALL FUNCTIONS IN SCHEMA schema

Revokes privileges on all functions in the specified schema.

argument-list

Required for all polymorphic functions, a comma-delimited list of function arguments, where each argument is specified as follows:

[argname] argtype

If the procedure is defined with no arguments, supply an empty argument list.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Privileges

Non-superuser, one of the following:

• Owner of the target function

• Privileges grantee who was given the option (WITH GRANT OPTION) of extending these privileges to other users

Examples

Revoke EXECUTE privileges from user Bob on function myzeroifnull:

=> REVOKE EXECUTE ON FUNCTION myzeroifnull (x INT) FROM Bob;

Revoke all privileges from user Doug on function Pagerank:

=> REVOKE ALL ON TRANSFORM FUNCTION Pagerank (t float) FROM Doug;

Revoke EXECUTE privileges on all functions in the zero-schema schema from user Bob:

=> REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA zero-schema FROM Bob;

Revoke EXECUTE privileges from user Bob on the tokenize function:

=> REVOKE EXECUTE ON TRANSFORM FUNCTION tokenize(VARCHAR) FROM Bob;

Revoke all privileges on the ExampleSource() source from user Alice:

=> REVOKE ALL ON SOURCE ExampleSource() FROM Alice;

See also

• GRANT (User Defined Extension)

• Granting and Revoking Privileges

• Developing user-defined extensions (UDxs)

16 - REVOKE (view)

Revokes privileges on a view from users and roles.

Syntax

REVOKE [ GRANT OPTION FOR ] { privilege[,...] | ALL [ PRIVILEGES ] }
   ON [[database.]schema.]view[,...]
   FROM grantee[,...]
   [ CASCADE ]

Parameters

GRANT OPTION FOR

Revokes the grant option for the specified privileges. Current privileges for grantees remain unaffected. If you omit this clause, Vertica revokes both the grant option and current privileges.

privilege

One of the following:

• SELECT: Query the specified views.

• ALTER: Modify a view's DDL with ALTER VIEW

• DROP: Drop this view with DROP VIEW.

ALL PRIVILEGES

Revokes all privileges that pertain to views that also belong to the revoker. Users cannot revoke privileges that they themselves lack.

The optional keyword PRIVILEGES conforms with the SQL standard.

[database.]schema

Database and schema. The default schema is public. If you specify a database, it must be the current database.

view

The view on which to revoke privileges.

grantee

Whose privileges are revoked, one of the following:

• User name

• Role

• PUBLIC: The default role of all users

CASCADE

Revoke privileges from users who received them from the grantee through WITH GRANT OPTION.

Examples

Revoke SELECT privileges from user Joe on view test_view.

=> REVOKE SELECT ON test_view FROM Joe;
REVOKE PRIVILEGE

See also

• GRANT (view)
• Granting and revoking privileges

17 - REVOKE (workload)

Revokes privileges from a user or role to use a workload

Syntax

REVOKE USAGE ON WORKLOAD workload FROM {user | role}

Parameters

workload

A workload defined by a routing rule. For details, see Workload routing.

user | role

The user or role to revoke privileges from.

Privileges

Superuser

Examples

The following example revokes the USAGE privilege on the analytics workload from users with the analytics_role role:

=> REVOKE USAGE ON WORKLOAD analytics FROM analytics_role;

Similarly, this example revokes the USAGE privilege on the analytics workload from the user jacob:

=> REVOKE USAGE ON WORKLOAD analytics FROM jacob;

For more examples, see Workload routing.