REVOKE <roles>

On this page Carat arrow pointing down

The REVOKE <roles> statement lets you revoke a role or user's membership to a role.

Note:

REVOKE <roles> is no longer an enterprise feature and is now freely available in the core version of CockroachDB.

Synopsis

REVOKE ADMIN OPTION FOR role_name , FROM user_name ,

Required privileges

The user revoking role membership must be a role admin (i.e., members with the ADMIN OPTION) or a superuser (i.e., a member of the admin role).

Considerations

  • The root user cannot be revoked from the admin role.

Parameters

Parameter Description
ADMIN OPTION Revoke the user's role admin status.
role_name The name of the role from which you want to remove members. To revoke members from multiple roles, use a comma-separated list of role names.
user_name The name of the user or role from whom you want to revoke membership. To revoke multiple members, use a comma-separated list of user and/or role names.

Examples

Revoke role membership

icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | true    |
| design | lola    | false   |
| design | lucky   | false   |
+--------+---------+---------+
icon/buttons/copy
> REVOKE design FROM lola;
icon/buttons/copy
> SHOW GRANTS ON ROLE design;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | true    |
| design | lucky   | false   |
+--------+---------+---------+

Revoke the admin option

To revoke a user or role's admin option from a role (without revoking the membership):

icon/buttons/copy
> REVOKE ADMIN OPTION FOR design FROM ernie;
+--------+---------+---------+
|  role  | member  | isAdmin |
+--------+---------+---------+
| design | barkley | false   |
| design | ernie   | false   |
| design | lucky   | false   |
+--------+---------+---------+

See also


Yes No
On this page

Yes No