Skip to content

Latest commit

 

History

History
60 lines (42 loc) · 2.59 KB

SQL-Revoke.md

File metadata and controls

60 lines (42 loc) · 2.59 KB
Raw
search
keywords
SQL
REVOKE
revoke

SQL - REVOKE

Changes permissions of a role, revoking access to one or more resources. To give access to a resource to the role, see the GRANT command.

Syntax

REVOKE <permission> ON <resource> FROM <role>
  • <permission> Defines the permission you want to revoke from the role.
  • <resource> Defines the resource on which you want to revoke the permissions.
  • <role> Defines the role you want to revoke the permissions.

Examples

  • Revoke permission to delete records on any cluster to the role backoffice:

    orientdb> REVOKE DELETE ON database.cluster.* FROM backoffice

For more information, see

Supported Permissions

Using this command, you can grant the following permissions to a role.

Permission Description
NONE Revokes no permissions on the resource.
CREATE Revokes create permissions on the resource, such as the CREATE CLASS or CREATE CLUSTER commands.
READ Revokes read permissions on the resource, such as the SELECT query.
UPDATE Revokes update permissions on the resource, such as the UPDATE or UPDATE EDGE commands.
DELETE Revokes delete permissions on the resource, such as the DROP INDEX or DROP SEQUENCE commands.
ALL Revokes all permissions on the resource.

Supported Resources

Using this command, you can grant permissions on the following resources.

Resource Description
database Revokes access on the current database.
database.class.<class> Revokes access on records contained in the indicated class. Use ** to indicate all classes.
database.cluster.<cluster> Revokes access to records contained in the indicated cluster. Use ** to indicate all clusters.
database.query Revokes the ability to execute a query, (READ is sufficient).
database.command.<command> Revokes the ability to execute the given command. Use CREATE for INSERT, READ for SELECT, UPDATE for UPDATE and DELETE for DELETE.
database.config.<permission> Revokes access to the configuration. Valid permissions are READ and UPDATE.
database.hook.record Revokes the ability to set hooks.
server.admin Revokes the ability to access server resources.