REVOKE ROLE
This page documents a preview version.
v2.23 Preview
Preview includes features under active development and is for development and testing only.
For production, use the latest stable version (v2024.1).
For production, use the latest stable version (v2024.1).
Synopsis
Use the REVOKE ROLE
statement to revoke a role (which represents a group of permissions and the SUPERUSER status) from another role.
This statement is enabled by setting the YB-TServer flag --use_cassandra_authentication
to true
.
Syntax
Diagram
revoke_role
Grammar
revoke_role ::= REVOKE ROLE role_name FROM role_name
Where
role_name
is a text identifier.
Semantics
- Both roles must exist or an error will be raised.
- Permission
AUTHORIZE
onALL ROLES
or on the roles being used in the statement is necessary. Otherwise, an unauthorized error will be returned. - You cannot revoke a role that hasn't been granted or an error will be raised.
Examples
ycqlsh:example> REVOKE ROLE project_y from diana;