Revoking User Permissions in Interactive SQL

Any user's permissions are a combination of those that have been granted and those that have been revoked. By revoking and granting permissions, you can manage the pattern of user permissions on a database.

The REVOKE statement is the exact converse of the GRANT statement.

  1. Connect as a user with DBA or PERMS ADMIN authority or as the owner of the procedure.
  2. Execute a REVOKE statement.
    For example, to disallow M_Haneef from executing my_procedure:
    REVOKE EXECUTE ON my_procedure FROM M_Haneef
    To disallow M_Haneef from deleting rows from sample_table:
    REVOKE DELETE ON sample_table FROM M_Haneef

Warning!  Before you revoke privileges or drop a user, be aware of the following restrictions:

  • Before issuing REVOKE CONNECT or sp_dropuser, you must remove any objects, such as tables, owned by that user. If you try to revoke a user's connect privileges or use the stored procedure sp_dropuser while the user owns any database objects, you receive an error.

  • Procedures like sp_dropuser provide minimal compatibility with Adaptive Server Enterprise stored procedures. If you are accustomed to Adaptive Server Enterprise (or Sybase IQ 11.x) stored procedures, compare their text with current Sybase IQ procedures before using the procedure in dbisql. To compare, use the command 
    sp_helptext 'owner.procedure_name'
    For all system stored procedures delivered by Sybase, the owner is dbo. To see the text of a stored procedure of the same name owned by a different user, you must specify that user, for example:
    sp_helptext 'myname.myprocedure'
Parent topic: Managing Individual User IDs and Permissions