ibm-information-center/dist/eclipse/plugins/i5OS.ic.db2_5.4.0.1/rbafzmstrevoket.htm

211 lines
12 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-19" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="keywords" content="REVOKE (Table or View Privileges) statement,
REVOKE (Table or View Privileges), SQL statements, ALL PRIVILEGES clause,
ALL clause, ALTER clause, DELETE clause, INDEX clause, INSERT clause,
REFERENCES clause, SELECT clause, UPDATE clause, ON TABLE clause,
in REVOKE (Table or View Privileges) statement, table-name, view-name,
FROM clause, authorization-name, PUBLIC clause" />
<title>REVOKE (Table or View Privileges)</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="revoket"></a>
<h2 id="revoket"><a href="rbafzmst02.htm#ToC_1247">REVOKE (Table or View Privileges)</a></h2><a id="idx3068" name="idx3068"></a><a id="idx3069" name="idx3069"></a>
<a name="revokt"></a>
<p id="revokt">This form of the REVOKE statement removes privileges on a table
or view.</p>
<a name="wq1706"></a>
<h3 id="wq1706"><a href="rbafzmst02.htm#ToC_1248">Invocation</a></h3>
<p>This statement can be embedded in an application program or issued interactively.
It is an executable statement that can be dynamically prepared.</p>
<a name="wq1707"></a>
<h3 id="wq1707"><a href="rbafzmst02.htm#ToC_1249">Authorization</a></h3>
<p>The privileges held by the authorization ID of the statement must include
at least one of the following: </p>
<ul>
<li>For each table or view identified in the statement:
<ul>
<li>Every privilege specified in the statement</li>
<li>The system authority of *OBJMGT on the table or view</li>
<li>The system authority *EXECUTE on the library containing the table or view</li></ul></li>
<li>Administrative authority</li></ul>
<a name="wq1708"></a>
<h3 id="wq1708"><a href="rbafzmst02.htm#ToC_1250">Syntax</a></h3>
<a href="rbafzmstrevoket.htm#synsrevoketbl"><img src="c.gif" alt="Click to skip syntax diagram" /></a>
<pre class="cgraphic"><span><img src="c.gif" alt="Read syntax diagram" longdesc="rbafzmstsyn374.htm"
border="0" /></span><a href="#skipsyn-373"><img src="c.gif" alt="Skip visual syntax diagram"
border="0" /></a> .-PRIVILEGES-.
>>-REVOKE--+-ALL--+------------+---------------------------+---->
| .-,-----------------------------------------. |
| V | |
'---+-ALTER---------------------------------+-+-'
+-DELETE--------------------------------+
+-INDEX---------------------------------+
+-INSERT--------------------------------+
+-REFERENCES--+-----------------------+-+
| | .-,-----------. | |
| | V | | |
| '-(----<span class="italic">column-name</span>-+--)-' |
+-SELECT--------------------------------+
'-UPDATE--+-----------------------+-----'
| .-,-----------. |
| V | |
'-(----<span class="italic">column-name</span>-+--)-'
.-,--------------.
.-TABLE-. V |
>--ON--+-------+----+-<span class="italic">table-name</span>-+-+--FROM---------------------->
'-<span class="italic">view-name</span>--'
.-,----------------------.
V |
>----+-<span class="italic">authorization-name</span>-+-+---------------------------------->&lt;
'-PUBLIC-------------'
</pre>
<a name="skipsyn-373" id="skipsyn-373"></a>
<a name="synsrevoketbl"></a>
<h3 id="synsrevoketbl"><a href="rbafzmst02.htm#ToC_1251">Description</a></h3>
<dl class="parml">
<dt class="bold">ALL <span class="base">or</span> ALL PRIVILEGES </dt><a id="idx3070" name="idx3070"></a><a id="idx3071" name="idx3071"></a>
<dd>Revokes one or more privileges from each <span class="italic">authorization-name</span>. The privileges revoked are those privileges on the identified tables
and views that were granted to the <span class="italic">authorization-names</span>. Note that revoking ALL PRIVILEGES on a table or view is not the same
as revoking the system authority of *ALL.
<p>If you do not use ALL, you must
use one or more of the keywords listed below. Each keyword revokes the privilege
described, but only as it applies to the tables and views named in the ON
clause.</p>
</dd>
<dt class="bold">ALTER </dt><a id="idx3072" name="idx3072"></a>
<dd>Revokes the privilege to use the ALTER TABLE statement on tables. Revokes
the privilege to use the COMMENT and LABEL statements on tables and views.
</dd>
<dt class="bold">DELETE </dt><a id="idx3073" name="idx3073"></a>
<dd>Revokes the privilege to use the DELETE statement.
</dd>
<dt class="bold">INDEX </dt><a id="idx3074" name="idx3074"></a>
<dd>Revokes the privilege to use the CREATE INDEX statement.
</dd>
<dt class="bold">INSERT </dt><a id="idx3075" name="idx3075"></a>
<dd>Revokes the privilege to use the INSERT statement.
</dd>
<dt class="bold">REFERENCES </dt><a id="idx3076" name="idx3076"></a>
<dd>Revokes the privilege to add a referential constraint in which the table
is a parent.
</dd>
<dt class="bold">REFERENCES (<var class="pv">column-name</var>,...) </dt><a id="idx3077" name="idx3077"></a>
<dd>Revokes the privilege to add a referential constraint using the specified
column(s) in the parent key. Each column name must be an unqualified name
that identifies a column in each table identified in the ON clause.
</dd>
<dt class="bold">SELECT </dt><a id="idx3078" name="idx3078"></a>
<dd>Revokes the privilege to use the SELECT or CREATE VIEW statement.
</dd>
<dt class="bold">UPDATE </dt><a id="idx3079" name="idx3079"></a>
<dd>Revokes the privilege to use the UPDATE statement.
</dd>
<dt class="bold">UPDATE (<var class="pv">column-name</var>,...) </dt><a id="idx3080" name="idx3080"></a>
<dd>Revokes the privilege to update the specified columns. Each column
name must be an unqualified name that identifies a column in each table identified
in the ON clause.
</dd>
<dt class="bold">ON <var class="pv">table-name</var><span class="base"> or </span> <var class="pv">view-name, ...</var> </dt><a id="idx3081" name="idx3081"></a><a id="idx3082" name="idx3082"></a><a id="idx3083" name="idx3083"></a>
<dd>Identifies the table or view on which you are revoking the privileges.
The <span class="italic">table-name</span> or <span class="italic">view-name</span> must
identify a table or view that exists at the current server, but must not identify
a global temporary table.
</dd>
<dt class="bold">FROM </dt><a id="idx3084" name="idx3084"></a>
<dd>Identifies from whom the privileges are revoked.
<dl class="parml">
<dt class="bold"><var class="pv">authorization-name,...</var> </dt><a id="idx3085" name="idx3085"></a>
<dd>Lists one or more authorization IDs. Do not specify the same <var class="pv">authorization-name</var> more than once.
</dd>
<dt class="bold">PUBLIC </dt><a id="idx3086" name="idx3086"></a>
<dd>Revokes the specified privileges from PUBLIC.
</dd>
</dl>
</dd>
</dl>
<a name="wq1709"></a>
<h3 id="wq1709"><a href="rbafzmst02.htm#ToC_1252">Notes</a></h3>
<p><span class="bold">Multiple grants:</span> If the same privilege is granted
to the same user more than once, revoking that privilege from that user nullifies
all those grants.</p>
<p>If you revoke a privilege, it nullifies any grant of that privilege, regardless
of who granted it.</p>
<p><span class="bold">Revoking WITH GRANT OPTION:</span> The only way to revoke
the WITH GRANT OPTION is to revoke ALL.</p>
<p><span class="bold">Privilege warning:</span> Revoking a specific privilege
from a user does not necessarily prevent that user from performing an action
that requires that privilege. For example, the user may still have the privilege
through PUBLIC or administrative privileges.</p>
<p>If more than one system authority will be revoked with an SQL privilege,
and any one of the authorities cannot be revoked, then a warning occurs and
no authorities will be revoked for that privilege.</p>
<p><span class="bold">Corresponding system authorities:</span> When a table privilege
is revoked, the corresponding system authorities are revoked, except: </p>
<ul>
<li>When revoking authorities to a table or view, *OBJOPR is revoked only
when *ADD, *DLT, *READ, and *UPD have all been revoked.</li>
<li>When revoking authorities to a view, authorities will not be
revoked from any tables or views referenced in the fullselect of the view
definition.</li></ul><p class="indatacontent">For information on the system authorities that correspond to SQL privileges
see <a href="rbafzmstgnt.htm#gnt">GRANT (Table or View Privileges)</a>.</p>
<p>Revoking either the INDEX or ALTER privilege, revokes the system authority
*OBJALTER.</p>
<a name="wq1710"></a>
<h3 id="wq1710"><a href="rbafzmst02.htm#ToC_1253">Examples</a></h3>
<p><span class="italic">Example 1:</span> Revoke SELECT privileges on table EMPLOYEE
from user ENGLES. </p>
<a name="refrtb1"></a>
<pre id="refrtb1" class="xmp"> <span class="bold">REVOKE SELECT</span>
<span class="bold">ON TABLE</span> EMPLOYEE
<span class="bold">FROM</span> ENGLES</pre>
<p><span class="italic">Example 2:</span> Revoke update privileges on table EMPLOYEE
previously granted to all users. Note that grants to specific users are not
affected. </p>
<a name="refrtb2"></a>
<pre id="refrtb2" class="xmp"> <span class="bold">REVOKE UPDATE</span>
<span class="bold">ON TABLE</span> EMPLOYEE
<span class="bold">FROM PUBLIC</span></pre>
<p><span class="italic">Example 3:</span> Revoke all privileges on table EMPLOYEE
from users PELLOW and ANDERSON. </p>
<a name="refrtb3"></a>
<pre id="refrtb3" class="xmp"> <span class="bold">REVOKE ALL</span>
<span class="bold">ON TABLE</span> EMPLOYEE
<span class="bold">FROM</span> PELLOW, ANDERSON</pre>
<p><span class="italic">Example 4:</span> Revoke the privilege to update column_1
in VIEW1 from FRED. </p>
<a name="refrtb4"></a>
<pre id="refrtb4" class="xmp"> <span class="bold">REVOKE UPDATE(</span>column_1<span class="bold">)
ON</span> VIEW1
<span class="bold">FROM</span> FRED</pre>
<hr /><br />
[ <a href="#Top_Of_Page">Top of Page</a> | <a href="rbafzmstrspriv.htm">Previous Page</a> | <a href="rbafzmstrollbac.htm">Next Page</a> | <a href="rbafzmst02.htm#wq1">Contents</a> |
<a href="rbafzmstindex.htm#index">Index</a> ]
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>