If you have applications that use the pre-16.0 REVOKE statement syntax for authorities, permissions, and groups, you should modify them to use the updated syntax for roles and privileges. The table below shows you what the statements should be changed to. Use of the old REVOKE syntax for authorities, permissions, and groups is supported but deprecated.
Pre-16.0 Syntax | New Syntax |
---|---|
REVOKE CONNECT FROM <user> | No change |
REVOKE GROUP FROM <user> |
DROP <rolename> FROM USER <user> WITH REVOKE |
REVOKE MEMBERSHIP IN GROUP <groupname> [,...] FROM <grantee> [,...] | REVOKE ROLE <groupname>[,...] FROM <grantee> [,...] |
REVOKE <authority>[,...] FROM <grantee> [,...] <authority>: BACKUP |DBA |Multiplex Admin |Operator |Perms Admin |PROFILE |READCLIENTFILE |READFILE |REMOTE DBA |RESOURCE | ALL |Space Admin |Spatial Admin |User Admin |VALIDATE |WRITECLIENTFILE |WRITEFILE |
REVOKE <rolename>[,...] FROM <grantee> [,...] <rolename>: SYS_AUTH_BACKUP_ROLE |SYS_AUTH_DBA_ROLE |SYS_AUTH_MULTIPLEX_ADMIN_ROLE |SYS_AUTH_OPERATOR_ROLE |SYS_AUTH_PERMS_ADMIN_ROLE |SYS_AUTH_PROFILE_ROLE |SYS_READCLIENTFILE_ROLE |SYS_AUTH_READFILE_ROLE |SYS_RUN_REPLICATION_ROLE |SYS_AUTH_RESOURCE_ROLE |SYS_AUTH_SPACE_ADMIN_ROLE |SYS_AUTH_SPATIAL_ADMIN_ROLE |SYS_AUTH_USER_ADMIN_ROLE |SYS_AUTH_VALIDATE_ROLE |SYS_AUTH_WRITECLIENTFILE_ROLE |SYS_AUTH_WRITEFILE_ROLE |
REVOKE PUBLISH FROM grantee | No change. However, you can also set the new PUBLIC option, db_publisher: SET OPTION PUBLIC.db_publisher=grantee |
REVOKE <permission>[,...] ON [ owner.]object-name FROM <grantee>[,...] <permission>: ALL [ PRIVILEGES ] | ALTER | DELETE | INSERT | REFERENCES [ ( column-name, ...) ] | SELECT [ ( column-name, ... ) ] | UPDATE [ ( column-name, ... ) ] |
No change, except to naming convention. Object-level permissions are now object-level privileges. |
REVOKE EXECUTE ON [ owner.]{
procedure-name | user-defined-function } FROM <grantee> [,...] |
No Change |
REVOKE INTEGRATED LOGIN FROM <user> | No Change |
REVOKE KERBEROS LOGIN FROM
<user>
[,...] AS USER <user> |
No Change |
REVOKE CREATE ON <dbspacename> [,...] FROM <grantee> [,...] | No Change |