REVOKE
Contents
Privileges
Syntax
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ... REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
Description
The REVOKE
statement enables system administrators to revoke
privileges (or roles - see section below) from MariaDB accounts. Each account is named using the same format
as for the GRANT
statement; for example,
'jeffrey'@'localhost
'. If you specify only the user name part
of the account name, a host name part of '
' is used. For
details on the levels at which privileges exist, the allowable
%
priv_type
and priv_level
values, and the
syntax for specifying users and passwords, see GRANT
.
To use the first REVOKE
syntax, you must have the
GRANT OPTION
privilege, and you must have the privileges that
you are revoking.
To revoke all privileges, use the second syntax, which drops all global, database, table, column, and routine privileges for the named user or users:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
To use this REVOKE
syntax, you must have the global
CREATE USER
privilege or the
UPDATE
privilege for the mysql database. See
GRANT
.
Examples
REVOKE SUPER ON *.* FROM 'alexander'@'localhost';
Roles
MariaDB starting with 10.0.5
Roles were introduced in MariaDB 10.0.5.
Syntax
REVOKE role [, role ...] FROM grantee [, grantee2 ... ] REVOKE ADMIN OPTION FOR role FROM grantee [, grantee2]
Description
REVOKE
is also used to remove a role from a user or another role that it's previously been assigned to. If a role has previously been set as a default role, REVOKE
does not remove the record of the default role from the mysql.user
table. If the role is subsequently granted again, it will again be the user's default. Use SET DEFAULT ROLE NONE
to explicitly remove this.
Before MariaDB 10.1.13, the REVOKE role
statement was not permitted in prepared statements.
Example
REVOKE journalist FROM hulda