Remove privileges or roles. Learn how to withdraw previously granted permissions from users or roles to restrict access and secure the database.
The REVOKE statement enables system administrators to revoke privileges (or roles - see ) from MariaDB accounts. Each account is named using the same format as for the GRANT statement; for example, 'jeffrey'@'localhost'. If you specify only the user name part of the account name, a host name part of '%' is used. For details on the levels at which privileges exist, the allowablepriv_type and priv_level values, and the syntax for specifying users and passwords, see .
To use the first REVOKE syntax, you must have theGRANT OPTION privilege, and you must have the privileges that you are revoking.
To revoke all privileges, use the second syntax, which drops all global, database, table, column, and routine privileges for the named user or users:
To use this REVOKE syntax, you must have the global privilege or the privilege for the mysql database. See .
REVOKE is also used to remove a from a user or another role that it's previously been assigned to. If a role has previously been set as a , REVOKE does not remove the record of the default role from the table. If the role is subsequently granted again, it will again be the user's default. Use to explicitly remove this.
REVOKE role is also permitted in .
REVOKE role is not permitted in .
The REVOKE PROXY syntax removes the ability for one user to proxy as another.
This page is licensed: GPLv2, originally from
/* 1. Revoking Privileges */
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM account_or_role [, account_or_role] ...
/* 2. Revoking All Privileges */
REVOKE ALL [PRIVILEGES], GRANT OPTION
FROM account_or_role [, account_or_role] ...
/* 3. Revoking Proxy Access */
REVOKE PROXY ON user_or_role
FROM account_or_role [, account_or_role] ...
/* 4. Revoking Roles */
REVOKE role [, role] ...
FROM account_or_role [, account_or_role] ...
/* 5. Revoking Admin Option for Roles */
REVOKE ADMIN OPTION FOR role [, role] ...
FROM account_or_role [, account_or_role] ...
/* Variable Definitions */
account_or_role:
username
| role
| PUBLIC
| CURRENT_USER [()]
| CURRENT_ROLE [()]
priv_type:
ALL [PRIVILEGES]
| ALTER | ALTER ROUTINE | BINLOG ADMIN | BINLOG MONITOR | BINLOG REPLAY
| CONNECTION ADMIN | CREATE | CREATE ROUTINE | CREATE TABLESPACE
| CREATE TEMPORARY TABLES | CREATE USER | CREATE VIEW
| DELETE | DELETE HISTORY | DROP | EVENT | EXECUTE | FEDERATED ADMIN
| FILE | GRANT OPTION | INDEX | INSERT | LOCK TABLES | PROCESS
| READ ONLY ADMIN | RELOAD | REPLICATION CLIENT | REPLICATION MASTER ADMIN
| REPLICATION SLAVE | REPLICATION SLAVE ADMIN | REFERENCES
| SELECT | SET USER | SHOW CREATE ROUTINE | SHOW DATABASES | SHOW VIEW
| SHUTDOWN | SLAVE MONITOR | SUPER | TRIGGER | UPDATE | USAGE
object_type:
TABLE
| FUNCTION
| PROCEDURE
| PACKAGE
| PACKAGE BODY
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_nameREVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...REVOKE SUPER ON *.* FROM 'alexander'@'localhost';REVOKE role [, role ...]
FROM grantee [, grantee2 ... ]
REVOKE ADMIN OPTION FOR role FROM grantee [, grantee2]REVOKE journalist FROM huldaREVOKE PROXY ON 'dba_user'@'localhost' FROM 'app_user'@'localhost';