Remove the ability of a user to impersonate other users and administer the system privilege.
Revoke Type | Description |
---|---|
Administrative rights to system privilege only |
REVOKE ADMIN OPTION FOR SET USER ( ANY ) FROM user_ID [,...] |
System privilege to impersonate any database user, including administrative rights |
REVOKE SET USER FROMFROM user_ID [,...] |
System privilege to impersonate specified users |
REVOKE SET USER ( target_users_list ) FROM user_ID [,...] |
System privilege to impersonate specified roles |
REVOKE SET USER ( ANY WITH ROLES target_roles_list ) FROM user_ID [,...] |
These statements removes the ability for Sam to impersonate any database user:
REVOKE SET USER (ANY) FROM Sam or REVOKE SET USER FROM Sam
This statement removes administrative rights only to the SET USER system privilege from Frank. Frank can still impersonate any user in the database.
REVOKE ADMIN OPTION FOR SET USER (ANY) FROM Frank
This statement removes the ability of Bob and Jeff to impersonate Mary, Joe, or Sue only.
REVOKE SET USER (Mary, Joe, Sue) FROM Bob, Jeff
This statement removes the ability of Mary to impersonate any member of the Sales1 role:
REVOKE SET USER (ANY WITH ROLES Sales1) FROM Mary
This statement removes the ability of Sarah to impersonate Joe or Sue, or any member of the Sales2 role:
REVOKE SET USER (Joe, Sue), (ANY WITH ROLES Sales2) FROM Sarah
This statement removes the ability of Joan to impersonate any member of the Marketing1 or Marketing2 roles:
REVOKE SET USER (ANY WITH ROLES Marketing1, Markeing2) FROM Joan