When you add a user to a group, the user inherits the permissions (except the permission to grant a user the same permission using the WITH GRANT OPTION) and inheritable authorities assigned to that group. SQL Anywhere does not allow you to revoke a subset of the permissions and authorities that a user inherits as a member of a group. You can only revoke permissions that are explicitly given by a GRANT statement. If you need to remove inherited permissions or authorities from a user, consider creating a new group with the required permissions and authorities, and making the user a member, or remove the user from the group and explicitly grant the permissions they require.

If you revoke a permission for a user and they also had WITH GRANT OPTION for that permission, then everyone who that user granted the permission to also has their permission revoked. For example, suppose you granted UserA SELECT...WITH GRANT OPTION permissions on a table and UserA then grants the SELECT permission on the table to UserB. If you revoke the SELECT permission from UserA, it will be revoked for UserB as well.

The syntax for the REVOKE statement is similar as for the GRANT statement. Execute the following statement to revoke user M_Haneef's ability to execute my_procedure:

REVOKE EXECUTE
ON my_procedure
FROM M_Haneef;

Execute the following command to revoke their permission to delete rows from sample_table:

REVOKE DELETE
ON sample_table
FROM M_Haneef;

• Permission revocation
• REVOKE statement
• GRANT statement