Neoview SQL Reference Manual (R2.4)
FROM {authid [,authid]... | PUBLIC}
specifies one or more roles from whom you revoke privileges.
grantee is authid | PUBLIC
authid specifies an authorization ID from which you revoke privileges. Authorization IDs
identify roles during the processing of SQL statements. The authorization ID must be a valid
role name, enclosed in double quotes. authid is not case-sensitive.
SQL:1999 specifies two special authorization IDs: PUBLIC and SYSTEM.
• PUBLIC specifies all present and future authorization IDs.
• SYSTEM specifies the implicit grantor of privileges to the creators of objects.
You cannot specify SYSTEM as an authid in a REVOKE statement.
drop-behavior
If you specify RESTRICT, the REVOKE operation fails if there are privilege descriptors or
objects that would no longer be valid after the specified privileges are removed. If you specify
CASCADE, any such dependent privilege descriptors are removed as part of the REVOKE
operation. The default is RESTRICT.
If you revoke the CREATE privilege or CREATE privilege variant, objects already owned by
the grantee are still owned by the grantee. Revoking a CREATE privilege does not remove
any objects.
Considerations for REVOKE SCHEMA
When a revoke is issued on a schema, it does not take effect until the query referencing an object
in the schema is re-prepared. For objects, the revoke action is immediate.
Authorization and Availability Requirements
You can revoke only those privileges that you have previously granted to the role. If one or more
of the privileges does not exist, the system returns a warning.
You cannot revoke privileges from a role if you have granted privileges to PUBLIC.
Examples of REVOKE SCHEMA
• This example revokes one role’s SELECT privileges on a schema:
REVOKE SELECT ON SCHEMA persnl
FROM "role.dev";
• This example revokes the privileges of granting SELECT and DELETE privileges on a schema
from two roles:
REVOKE GRANT OPTION FOR SELECT, DELETE
ON SCHEMA sales FROM "role.payroll", "role.finance";
160 SQL Statements