Removing Permissions on a Table or Column from a User or Group

Remove permissions on a table or column from an authority-based user or group.

Prerequisites

Database Version	Authority-Based Database Object Permissions
SAP Sybase IQ 15.3 and 15.4	You must have one of: DBA authority PERMS ADMIN authority You have administrative rights (with grant option) to the permission You own the database object
SAP Sybase IQ 16.0	Not supported.

The SAP Sybase IQ resource is authenticated and running.
The selected resource supports authority-based security.

Task

The REVOKE command applies to the database object permission itself, not to any administrative right granted on the permission. Therefore, to remove the administrative right only and leave the database object permission intact, do not use the Revoke button. Rather, regrant the specific permission without administrative rights. Only the original grantor can remove the administrative rights only from a granted permission. If another grantor regrants the same permission without administrative rights, a new permission without administrative rights is granted, but the original permission with administrative rights remains and takes precedence over any other non-administrative grants of the same permission to the same user or group.

If multiple permissions are granted, you can revoke some or all of the permissions. However, if you revoke a permission granted administrative rights, and the grantee has granted the permission to other users, who in turn have granted it to other users, and so on, every grantee in the chain who has received the permission indirectly, with or without administrative rights, also has their permission revoked. For example, UserA is granted the SELECT permission with the With grant option. UserA grants SELECT to UserB with the With grant option. UserB grants SELECT to UserC and UserD without administrative rights and to UserE with administrative rights. When you revoke the SELECT permission from UserA, it is also revoked for UserB, UserC, UserD and UserE.

In the Perspective Resources view, select the resource, and select Resource > Administration Console.
In the left pane, expand IQ Servers > Security > Authority-Based, and then select Users or Groups.
Select a user or group from the right pane and either:
- Click the arrow to the right of the name and select Properties, or
- From the Administration Console menu bar, select Resource > Properties.
In the left pane, click Permissions.
In the right pane, expand the table containing the permission to be removed and then highlight the row containing the specific permission to be removed.

Note: If the permission appears on the list multiple times with different grantors, with or without administrative rights, it does not matter which instance is selected.
Click Revoke.
A list of permissions currently granted (regardless of administrative rights) appears.
Select one or more permissions to revoke. Click the box in the header row to select all available permissions.

Warning! Revoking permissions may result in unexpected revocation from other users or groups. See Following the User or Group Table Permission Grant Trail.
Click Finish to close the permissions wizard.
(Optional) To view details on the permissions currently granted on a table or column, expand the table name in the Name column.
Do one of:
- Click OK to update any changes to the database and exit the properties view.
- Click Cancel to cancel any changes not updated to the database and exit the properties view.