mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-24 10:40:49 +00:00
9ec78855cd
* DOCSUP-2806: Add meta intro. * DOCSUP-2806: Update meta intro. * DOCSUP-2806: Fix meta. * DOCSUP-2806: Add quotes for meta headers. * DOCSUP-2806: Remove quotes from meta headers. * DOCSUP-2806: Add meta headers. * DOCSUP-2806: Fix quotes in meta headers. * DOCSUP-2806: Update meta headers. * DOCSUP-2806: Fix link to nowhere in EN. * DOCSUP-2806: Fix link (settings to tune) * DOCSUP-2806: Fix links. * DOCSUP-2806:Fix links EN * DOCSUP-2806: Fix build errors. * DOCSUP-2806: Fix meta intro. * DOCSUP-2806: Fix toc_priority in examples datasets TOC. * DOCSUP-2806: Fix items order in toc. * DOCSUP-2806: Fix order in toc. * DOCSUP-2806: Fix toc order. * DOCSUP-2806: Fix order in toc. * DOCSUP-2806: Fix toc index in create * DOCSUP-2806: Fix toc order in create. Co-authored-by: romanzhukov <romanzhukov@yandex-team.ru> Co-authored-by: alexey-milovidov <milovidov@yandex-team.ru>
49 lines
1.7 KiB
Markdown
49 lines
1.7 KiB
Markdown
---
|
|
toc_priority: 39
|
|
toc_title: REVOKE
|
|
---
|
|
|
|
# REVOKE Statement {#revoke}
|
|
|
|
Revokes privileges from users or roles.
|
|
|
|
## Syntax {#revoke-syntax}
|
|
|
|
**Revoking privileges from users**
|
|
|
|
``` sql
|
|
REVOKE [ON CLUSTER cluster_name] privilege[(column_name [,...])] [,...] ON {db.table|db.*|*.*|table|*} FROM {user | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user | CURRENT_USER} [,...]
|
|
```
|
|
|
|
**Revoking roles from users**
|
|
|
|
``` sql
|
|
REVOKE [ON CLUSTER cluster_name] [ADMIN OPTION FOR] role [,...] FROM {user | role | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
|
|
```
|
|
|
|
## Description {#revoke-description}
|
|
|
|
To revoke some privilege you can use a privilege of a wider scope than you plan to revoke. For example, if a user has the `SELECT (x,y)` privilege, administrator can execute `REVOKE SELECT(x,y) ...`, or `REVOKE SELECT * ...`, or even `REVOKE ALL PRIVILEGES ...` query to revoke this privilege.
|
|
|
|
### Partial Revokes {#partial-revokes-dscr}
|
|
|
|
You can revoke a part of a privilege. For example, if a user has the `SELECT *.*` privilege you can revoke from it a privilege to read data from some table or a database.
|
|
|
|
## Examples {#revoke-example}
|
|
|
|
Grant the `john` user account with a privilege to select from all the databases, excepting the `accounts` one:
|
|
|
|
``` sql
|
|
GRANT SELECT ON *.* TO john;
|
|
REVOKE SELECT ON accounts.* FROM john;
|
|
```
|
|
|
|
Grant the `mira` user account with a privilege to select from all the columns of the `accounts.staff` table, excepting the `wage` one.
|
|
|
|
``` sql
|
|
GRANT SELECT ON accounts.staff TO mira;
|
|
REVOKE SELECT(wage) ON accounts.staff FROM mira;
|
|
```
|
|
|
|
{## [Original article](https://clickhouse.tech/docs/en/operations/settings/settings/) ##}
|