Using the revoke Command's granted by Option

Usage information for using the revoke command's granted by option.

  • granted by is not allowed on revoking predicated privileges.

  • It is not required that the grantor has permission to execute the grant command.

  • The permission granted by the grantor (indicated by sysprotects.grantor), not the command executor, would be revoked.

  • You need not enable enable granular permissions to use the granted by parameter.

  • Users who received their grant permission on an object with the with grant option cannot issue the granted by parameter. All other users may issue the granted by parameter.

    For example, John gets permission on mary's table through with grant option. An error returns when he tries to issue the revoke statement using granted by option. Mary:

    grant select on mary.books to john 
    with grant option

    Mary:

    grant select on mary.books to smith

    John:

    revoke select on mary.books from smith 
    granted by mary