REVOKE ROLE

This page documents a preview version. v2.23 Preview
Preview includes features under active development and is for development and testing only.
For production, use the latest stable version (v2024.1).

Synopsis

Use the REVOKE ROLE statement to revoke a role (which represents a group of permissions and the SUPERUSER status) from another role.

This statement is enabled by setting the YB-TServer flag --use_cassandra_authentication to true.

Syntax

Diagram

revoke_role

REVOKErole_nameFROMrole_name

Grammar

revoke_role ::= REVOKE ROLE role_name FROM role_name

Where

  • role_name is a text identifier.

Semantics

  • Both roles must exist or an error will be raised.
  • Permission AUTHORIZE on ALL ROLES or on the roles being used in the statement is necessary. Otherwise, an unauthorized error will be returned.
  • You cannot revoke a role that hasn't been granted or an error will be raised.

Examples

ycqlsh:example> REVOKE ROLE project_y from diana;

See also