REVOKE
Syntax
The REVOKE
statement enables system administrators to revoke privileges from MariaDB accounts. Each account name uses the format described in , "Specifying Account Names". For example:
REVOKE INSERT ON *.* FROM 'jeffrey'@'localhost';
If you specify only the user name part of the account name, a host name part of '%'
is used.
For details on the levels at which privileges exist, the permissible priv_type
and priv_level
values, and the syntax for specifying users and passwords, see , "GRANT
Syntax"
To use the first REVOKE
syntax, you must have the GRANT OPTION
privilege, and you must have the privileges that you are revoking.
To revoke all privileges, use the second syntax, which drops all global, database, table, column, and routine privileges for the named user or users:
REVOKE ALL PRIVILEGES, GRANT OPTION FROMuser
[,user
] ...
To use this REVOKE
syntax, you must have the global CREATE USER
privilege or the UPDATE
privilege for the MariaDB
database.
REVOKE
removes privileges, but does not drop mysql.user
table entries. To remove a user account entirely, use DROP USER
(see , "DROP USER
Syntax") or DELETE
.
If the grant tables hold privilege rows that contain mixed-case database or table names and the lower_case_table_names
system variable is set to a nonzero value, REVOKE
cannot be used to revoke these privileges. It will be necessary to manipulate the grant tables directly. (GRANT
will not create such rows when lower_case_table_names
is set, but such rows might have been created prior to setting the variable.)
When successfully executed from the mysql program, REVOKE
responds with Query OK, 0 rows affected
. To determine what privileges result from the operation, use SHOW GRANTS
. See , "SHOW GRANTS
Syntax".