REVOKE

Applies to: Databricks SQL Databricks Runtime

Revokes an explicitly granted or denied privilege on a securable object from a principal.

Note

Modifying access to the samples catalog is not supported. This catalog is available to all workspaces, but is read-only.

Use REVOKE ON SHARE to revoke access on shares from recipients.

Syntax

REVOKE privilege_types ON securable_object FROM principal

privilege_types
  { ALL PRIVILEGES |
    privilege_type [, ...] }

Parameters

• privilege_types

  This identifies one or more privileges to be revoked from the principal.

  • ALL PRIVILEGES

    Revoke all privileges applicable to the securable_object. In Unity Catalog, when ALL PRIVILEGES is revoked only the ALL PRIVILEGES privilege itself is revoked. Users retain any other privileges that were granted to them separately.

  • privilege_type

    The specific privilege to be revoked on the securable_object from the principal.

• securable_object

  The object on which the privileges are granted to the principal.

• principal

  A user, service principal, or group from which the privileges are revoked. You must enclose users, service principals, and group names with special characters in backticks (` `).

Examples

> REVOKE ALL PRIVILEGES ON SCHEMA default FROM `alf@melmak.et`;

> REVOKE SELECT ON TABLE t FROM aliens;

Related articles

• GRANT
• REPAIR PRIVILEGES
• REVOKE ON SHARE
• SHOW GRANTS