Share via

REVOKE

Applies to: check marked yes Databricks SQL check marked yes Databricks Runtime

Revokes an explicitly granted or denied privilege on a securable object from a principal.

Note

Modifying access to the samples catalog is not supported. This catalog is available to all workspaces, but is read-only.

Use REVOKE ON SHARE to revoke access on shares from recipients.

Syntax

REVOKE privilege_types ON securable_object FROM principal

privilege_types
  { ALL PRIVILEGES |
    privilege_type [, ...] }

Parameters

  • privilege_types

    This identifies one or more privileges to be revoked from the principal.

    • ALL PRIVILEGES

      Revoke all privileges applicable to the securable_object. In Unity Catalog, when ALL PRIVILEGES is revoked, both the ALL PRIVILEGES grant and any individual privileges implied by it are revoked. Privileges that are not part of ALL PRIVILEGES, such as MANAGE, EXTERNAL USE LOCATION, and EXTERNAL USE SCHEMA, are not affected.

    • privilege_type

      The specific privilege to be revoked on the securable_object from the principal.

  • securable_object

    The object on which the privileges are granted to the principal.

  • principal

    A user, service principal, or group from which the privileges are revoked. You must enclose users, service principals, and group names with special characters in backticks (` `).

Examples

> REVOKE ALL PRIVILEGES ON SCHEMA default FROM `alf@melmak.et`;

> REVOKE SELECT ON TABLE t FROM aliens;

Note

A REVOKE statement succeeds even if the specified privileges were not granted in the first place. It ensures that the privileges are not present, regardless of their previous state.