Revoking user permissions and authorities

A user's permissions are a combination of those that have been granted and those that have been revoked. By revoking and granting permissions, you can manage the pattern of user permissions on a database.

A user with DBA authority or the owner of the procedure must issue this command.

If you are revoking connect permissions or table permissions from another user, the other user must not be connected to the database. You cannot revoke connect permissions from dbo.

The REVOKE statement revokes permissions that have been explicitly granted to the user (that is, not inherited from the groups to which they belong). The syntax for the REVOKE statement is the same as for the GRANT statement. For example, to revoke user M_Haneef's ability to execute my_procedure, the command is:

REVOKE EXECUTE
ON my_procedure
FROM M_Haneef;

To revoke their permission to delete rows from sample_table, the command is:

REVOKE DELETE
ON sample_table
FROM M_Haneef;

When you add a user to a group, the user inherits all the permissions and inheritable authorities assigned to that group. SQL Anywhere does not allow you to revoke a subset of the permissions and authorities that a user inherits as a member of a group. You can only revoke permissions that are explicitly given by a GRANT statement. If you need to remove inherited permissions or authorities from a user, consider creating a new group with the required permissions and authorities, and making the user a member, or remove the user from the group and explicitly grant the permissions they require.

See also