2 $Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.20 2002/02/18 23:11:03 petere Exp $
3 PostgreSQL documentation
6 <refentry id="SQL-REVOKE">
8 <refentrytitle id="sql-revoke-title">REVOKE</refentrytitle>
9 <refmiscinfo>SQL - Language Statements</refmiscinfo>
13 <refname>REVOKE</refname>
14 <refpurpose>remove access privileges</refpurpose>
19 REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
20 ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
21 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
23 REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
24 ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...]
25 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
27 REVOKE { USAGE | ALL [ PRIVILEGES ] }
28 ON LANGUAGE <replaceable>langname</replaceable> [, ...]
29 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
33 <refsect1 id="SQL-REVOKE-description">
34 <title>Description</title>
37 <command>REVOKE</command> allows the creator of an object to revoke
38 previously granted permissions from one or more users or groups of users.
39 The key word <literal>PUBLIC</literal> refers to the implicitly defined
44 Note that any particular user will have the sum
45 of privileges granted directly to him, privileges granted to any group he
46 is presently a member of, and privileges granted to
47 <literal>PUBLIC</literal>. Thus, for example, revoking SELECT privilege
48 from <literal>PUBLIC</literal> does not necessarily mean that all users
49 have lost SELECT privilege on the object: those who have it granted
50 directly or via a group will still have it.
54 See the description of the <xref linkend="sql-grant" endterm="sql-grant-title"> command for
55 the meaning of the privilege types.
59 <refsect1 id="SQL-REVOKE-notes">
63 Use <xref linkend="app-psql">'s <command>\z</command> command to
64 display the privileges granted on existing objects. See also <xref
65 linkend="sql-grant"> for information about the format.
69 <refsect1 id="SQL-REVOKE-examples">
70 <title>Examples</title>
73 Revoke insert privilege for the public on table
74 <literal>films</literal>:
77 REVOKE INSERT ON films FROM PUBLIC;
82 Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>:
85 REVOKE ALL PRIVILEGES ON kinds FROM manuel;
90 <refsect1 id="SQL-REVOKE-compatibility">
91 <title>Compatibility</title>
97 The compatibility notes of the <xref linkend="sql-grant" endterm="sql-grant-title"> command
98 apply analogously to <command>REVOKE</command>. The syntax summary is:
101 REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
102 ON <replaceable class="parameter">object</replaceable> [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
103 FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] }
104 { RESTRICT | CASCADE }
109 If user1 gives a privilege WITH GRANT OPTION to user2,
110 and user2 gives it to user3 then user1 can revoke
111 this privilege in cascade using the CASCADE keyword.
112 If user1 gives a privilege WITH GRANT OPTION to user2,
113 and user2 gives it to user3, then if user1 tries to revoke
114 this privilege it fails if he specifies the RESTRICT
121 <title>See Also</title>
124 <xref linkend="sql-grant">
130 <!-- Keep this comment at the end of the file
135 sgml-minimize-attributes:nil
136 sgml-always-quote-attributes:t
139 sgml-parent-document:nil
140 sgml-default-dtd-file:"../reference.ced"
141 sgml-exposed-tags:nil
142 sgml-local-catalogs:"/usr/lib/sgml/catalog"
143 sgml-local-ecat-files:nil