2020-04-09 14:02:39 +00:00
---
toc_priority: 40
toc_title: REVOKE
---
2020-06-18 08:24:31 +00:00
# REVOKE {#revoke}
2020-04-09 14:02:39 +00:00
Revokes privileges from users or roles.
## Syntax {#revoke-syntax}
**Revoking privileges from users**
``` sql
REVOKE [ON CLUSTER cluster_name] privilege[(column_name [,...])] [,...] ON {db.table|db.*|*.*|table|*} FROM {user | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user | CURRENT_USER} [,...]
```
**Revoking roles from users**
``` sql
REVOKE [ON CLUSTER cluster_name] [ADMIN OPTION FOR] role [,...] FROM {user | role | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
```
## Description {#revoke-description}
2020-05-15 20:30:51 +00:00
To revoke some privilege you can use a privilege of a wider scope than you plan to revoke. For example, if a user has the `SELECT (x,y)` privilege, administrator can execute `REVOKE SELECT(x,y) ...` , or `REVOKE SELECT * ...` , or even `REVOKE ALL PRIVILEGES ...` query to revoke this privilege.
2020-04-09 14:02:39 +00:00
### Partial Revokes {#partial-revokes-dscr}
You can revoke a part of a privilege. For example, if a user has the `SELECT *.*` privilege you can revoke from it a privilege to read data from some table or a database.
## Examples {#revoke-example}
2020-05-15 20:30:51 +00:00
Grant the `john` user account with a privilege to select from all the databases, excepting the `accounts` one:
2020-04-09 14:02:39 +00:00
``` sql
GRANT SELECT ON *.* TO john;
REVOKE SELECT ON accounts.* FROM john;
```
2020-05-15 20:30:51 +00:00
Grant the `mira` user account with a privilege to select from all the columns of the `accounts.staff` table, excepting the `wage` one.
2020-04-09 14:02:39 +00:00
``` sql
GRANT SELECT ON accounts.staff TO mira;
REVOKE SELECT(wage) ON accounts.staff FROM mira;
```
2020-05-08 13:58:38 +00:00
{## [Original article ](https://clickhouse.tech/docs/en/operations/settings/settings/ ) ##}