Removing Permissions on a Table or Column from a User or Role

Remove permissions on a table or column from a user, user-extended role, or standalone role.

Prerequisites
Database Version Role-Based Database Object Privileges
SAP Sybase IQ 15.3 and 15.4 Not supported.
SAP Sybase IQ 16.0 Requires one of:
  • MANAGE ANY OBJECT PRIVILEGE system privilege.
  • You have administrative rights (with grant option) to the permission.
  • You own the database object.
Task

The REVOKE command applies to the database object permission itself, not to any administrative right granted on the permission. Therefore, to remove the administrative right only and leave the database object permission intact, do not use the Revoke button. Rather, regrant the specific permission without administrative rights. Only the original grantor can remove the administrative rights only from a granted permission. If another grantor regrants the same permission without administrative rights, a new permission without administrative rights is granted, but the original permission with administrative rights remains and takes precedence over any other non-administrative grants of the same permission to the same user or role.

If multiple permissions are granted, you can revoke some or all of the permissions. However, if you revoke a permission granted administrative rights, and the grantee has granted the permission to other users, who in turn have granted it to other users, and so on, every grantee in the chain who has received the permission indirectly, with or without administrative rights, also has their permission revoked. For example, UserA is granted the SELECT permission with the With grant option. UserA grants SELECT to UserB with the With grant option. UserB grants SELECT to UserC and UserD without administrative rights and to UserE with administrative rights. When you revoke the SELECT permission from UserA, it is also revoked for UserB, UserC, UserD and UserE.

  1. In the Perspective Resources view, select the resource and select Resource > Administration Console.
  2. In the left pane, select IQ Servers > Security > Role-Based.
  3. Select:
    • Users
    • User-Extended Roles
    • Standalone Roles
  4. Select:
    • Click the arrow to the right of the name and select Properties, or
    • From the Administration Console menu bar, select Resource > Properties.
  5. In the left pane, select Permissions.
  6. In the right pane, expand the table containing the permission to be revoked.
  7. Highlight the row containing the permission to be modified.
    Note: If the permission appears on the list multiple times with different grantors, with or without administrative rights, it does not matter which instance is selected.
  8. Click Revoke.
    A list of permissions currently granted (regardless of administrative rights) appears.
  9. Select one or more permissions to revoke. Click the box in the header row to select all available permissions.
    Warning!  Revoking permissions may result in unexpected revocation from other users or groups. See Following the User or Role Table Permission Grant Trail.
  10. Click Finish.
  11. Click OK.
    Note: The expanded table structure collapses, appearing as if all permissions were revoked, instead of the selected permission. Re-expand the table to view the remaining permissions.
Related tasks
Authenticating a Login Account for a Managed Resource
Related reference
Role-Based Database Object Permissions Privilege Summary