REVOKE CHANGE PASSWORD Statement

Removes the ability of a user to manage passwords and administer the system privilege.

Quick Links:

Go to Parameters

Go to Examples

Go to Usage

Go to Standards

Go to Permissions

Syntax

REVOKE [ ADMIN OPTION FOR ] CHANGE PASSWORD
   [(target_user_list 
      | ANY 
      | ANY WITH ROLES target_role_list  )]
   FROM userID [,...]

Parameters

(back to top)

Examples

(back to top)

Usage

(back to top)

Depending on how the CHANGE PASSWORD system privilege was initially granted, using the ADMIN OPTION FOR clause when revoking the CHANGE PASSWORD system privilege has different results. If the CHANGE PASSWORD system privilege was originally granted with the WITH ADMIN OPTION clause, including the ADMIN OPTION FOR clause in the revoke statement revokes only the ability to administer the CHANGE PASSWORD system privilege (that is, grant the system privilege to another user). The ability to actually manage passwords for other users remains. However, if the CHANGE PASSWORD system privilege was originally granted with the WITH ADMIN ONLY OPTION clause, including the ADMIN OPTION FOR clause in the revoke statement is semantically equivalent to revoking the entire CHANGE PASSWORD system privilege. Finally, if the CHANGE PASSWORD system privilege was originally granted with the WITH NO ADMIN OPTION clause, and the ADMIN OPTION FOR clause is included in the revoke statement, nothing is revoked because there were no administrative rights granted in the first place.

You can revoke the CHANGE PASSWORD system privilege from any combination of users and roles granted.

Standards

(back to top)

ANSI SQL–Compliance level: Transact-SQL extension.

Permissions

(back to top)

The CHANGE PASSWORD system privilege granted with administrative rights.
Related reference
GRANT CHANGE PASSWORD Statement