Role Name
| Element | Description | Restrictions | Syntax |
|---|---|---|---|
| role | A role with one of these attributes:
|
Must exist. If enclosed between quotation marks, role is case sensitive. | Owner name |
Immediately after the REVOKE keyword, the name of a role specifies a role to be revoked from the user list. After the FROM keyword, however, the name of a role specifies a role from which access privilege (or another role) is to be revoked. The same FROM clause can include both user and role names if no other REVOKE options conflict with the user or role specifications. Syntax to revoke privileges on a role or from a role are extensions to the ANSI/ISO standard for SQL.
When you include a role after the FROM keyword of the REVOKE statement, the specified privilege (or another role) is revoked from that role, but users who have that role retain any privileges or roles that were granted to them individually.
If you enclose role between quotation marks, the name is case sensitive and is stored exactly as you typed it. In an ANSI-compliant database, if you do not use quotation marks as delimiters, the role is stored in uppercase letters.
When you revoke a role that was granted to a user with the WITH GRANT OPTION keywords, you revoke both the role and the option to grant it.
- Remove users or remove another role from inclusion in the specified
role:
REVOKE accounting FROM mary; REVOKE payroll FROM accounting;
- Remove one or more access privileges from a role:
REVOKE UPDATE ON employee FROM accounting;
When you revoke table-level privileges from a role, you cannot include the RESTRICT or CASCADE keywords.