Nonstop Database, HiRDB Version 9 System Operation Guide

[Contents][Index][Back][Next]

2.3 Revoking user privileges

Organization of this section
(1) Revoking DBA privileges
(2) Revoking CONNECT privileges
(3) Revoking schema definition privileges
(4) Revoking RDAREA usage privileges
(5) Revoking access privileges

(1) Revoking DBA privileges

Executor: HiRDB administrator

The REVOKE statement, which is a definition SQL statement, is used to revoke the DBA privilege.

Example
Revoke the DBA privilege of the user who manages user privileges (authorization identifier: USER001):
  REVOKE DBA FROM USER001

(2) Revoking CONNECT privileges

Executor: HiRDB administrator or user who manages user privileges (user with DBA privilege)

The REVOKE statement, which is a definition SQL statement, is used to revoke the CONNECT privilege.

Example
Revoke the CONNECT privilege of the user whose authorization identifier is USER003:
  REVOKE CONNECT FROM USER003

(3) Revoking schema definition privileges

Executor: HiRDB administrator or user who manages user privileges (user with DBA privilege)

The REVOKE statement, which is a definition SQL statement, is used to revoke the schema definition privilege.

Example
Revoke the schema definition privilege of the user whose authorization identifier is USER002:
  REVOKE SCHEMA FROM USER002

Note
The schema definition privilege of a user who has defined a schema cannot be revoked. When a schema definition privilege is to be revoked, check to make sure that no schema has been defined by that user.

(4) Revoking RDAREA usage privileges

Executor: HiRDB administrator or user who manages user privileges (user with DBA privilege)

The REVOKE statement, which is a definition SQL statement, is used to revoke the RDAREA usage privilege.

Example
Revoke the RDAREA usage privilege for the RDAREA named RDAREA01 of the user whose authorization identifier is USER002:
  REVOKE RDAREA RDAREA01 FROM USER002

Note
The RDAREA usage privilege of a user who has defined a table or index in the specified RDAREA cannot be revoked. When an RDAREA usage privilege is to be revoked, check to make sure that no table or index has been defined in the RDAREA by that user.

(5) Revoking access privileges

Executor: Table owner

The REVOKE statement, which is a definition SQL statement, is used to revoke access privileges.

Example
Revoke the DELETE privilege for a table (authorization-identifier.table-identifier USER002.T001) that was granted to the user with authorization identifier USER004:
  REVOKE DELETE ON USER002.T001 TO USER004

Note
When the SELECT table access privilege is revoked, all the user's view tables defined from that table are deleted.

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2011, 2015, Hitachi, Ltd.