REVOKE

Applies to: check marked yes Databricks SQL check marked yes Databricks Runtime

Revokes an explicitly granted or denied privilege on a securable object from a principal.

Note

Modifying access to the samples catalog is not supported. This catalog is available to all workspaces, but is read-only.

Use REVOKE ON SHARE to revoke access on shares from recipients.

Syntax

REVOKE privilege_types ON securable_object FROM principal

privilege_types
  { ALL PRIVILEGES |
    privilege_type [, ...] }

Parameters

  • privilege_types

    This identifies one or more privileges to be revoked from the principal.

    • ALL PRIVILEGES

      Revoke all privileges applicable to the securable_object. In Unity Catalog, when ALL PRIVILEGES is revoked only the ALL PRIVILEGES privilege itself is revoked. Users retain any other privileges that were granted to them separately.

    • privilege_type

      The specific privilege to be revoked on the securable_object from the principal.

  • securable_object

    The object on which the privileges are granted to the principal.

  • principal

    A user, service principal, or group from which the privileges are revoked. You must enclose users, service principals, and group names with special characters in backticks (` `).

Examples

> REVOKE ALL PRIVILEGES ON SCHEMA default FROM `alf@melmak.et`;

> REVOKE SELECT ON TABLE t FROM aliens;