The REVOKE syntax for authorities, permissions, and groups is supported but deprecated. If you have applications that use the pre-16.0 REVOKE statement syntax, modify them to use the new syntax for roles and privileges.
| Pre-16.0 Syntax | New Syntax |
|---|---|
| REVOKE CONNECT FROM <user> | No change |
| REVOKE GROUP FROM <user> |
DROP <rolename> FROM USER <user> WITH REVOKE |
| REVOKE MEMBERSHIP IN GROUP <groupname> [,...] FROM <grantee> [,...] | REVOKE ROLE <groupname>[,...] FROM <grantee> [,...] |
|
REVOKE <authority>[,...] FROM <grantee> [,...] <authority>: BACKUP |DBA |Multiplex Admin |Operator |Perms Admin |PROFILE |READCLIENTFILE |READFILE |REMOTE DBA |RESOURCE | ALL |Space Admin |Spatial Admin |User Admin |VALIDATE |WRITECLIENTFILE |WRITEFILE |
REVOKE <rolename>[,...] FROM <grantee> [,...] <rolename>: SYS_AUTH_BACKUP_ROLE |SYS_AUTH_DBA_ROLE |SYS_AUTH_MULTIPLEX_ADMIN_ROLE |SYS_AUTH_OPERATOR_ROLE |SYS_AUTH_PERMS_ADMIN_ROLE |SYS_AUTH_PROFILE_ROLE |SYS_READCLIENTFILE_ROLE |SYS_AUTH_READFILE_ROLE |SYS_RUN_REPLICATION_ROLE |SYS_AUTH_RESOURCE_ROLE |SYS_AUTH_SPACE_ADMIN_ROLE |SYS_AUTH_SPATIAL_ADMIN_ROLE |SYS_AUTH_USER_ADMIN_ROLE |SYS_AUTH_VALIDATE_ROLE |SYS_AUTH_WRITECLIENTFILE_ROLE |SYS_AUTH_WRITEFILE_ROLE |
| REVOKE PUBLISH FROM grantee | No change; however, you can also set the new
PUBLIC option, db_publisher: SET OPTION PUBLIC.db_publisher=grantee |
|
REVOKE <permission>[,...] ON [ owner.]object-name FROM <grantee>[,...] <permission>: ALL [ PRIVILEGES ] | ALTER | DELETE | INSERT | REFERENCES [ ( column-name, ...) ] | SELECT [ ( column-name, ... ) ] | UPDATE [ ( column-name, ... ) ] |
No change, except to naming convention. Object-level permissions are now object-level privileges. |
| REVOKE EXECUTE ON [ owner.]{
procedure-name | user-defined-function } FROM <grantee> [,...] |
No change |
| REVOKE INTEGRATED LOGIN FROM <user> | No change |
| REVOKE KERBEROS LOGIN FROM
<user>
[,...] AS USER <user> |
No change |
| REVOKE CREATE ON <dbspacename> [,...] FROM <grantee> [,...] | No change |