11.7.3 Revoking an HADB user's user privileges and schema operation privilege
You can use the REVOKE definition SQL statement to revoke user privileges and the schema operation privilege that were granted to an HADB user.
The REVOKE statement must be executed by an HADB user who has the DBA privilege and CONNECT privilege.
The following are examples of revoking user privileges and the schema operation privilege that were granted to HADB users.
- Specification example 1
-
The DBA privilege, CONNECT privilege, and schema definition privilege that were granted to the HADB user ADBUSER02 are revoked.
REVOKE DBA,CONNECT,SCHEMA FROM "ADBUSER02" CASCADE
- Important
-
Because, if the schema definition privilege is revoked, the schemas and tables that are owned by the target HADB user are also deleted, the following might be affected:
-
The viewed tables that depend on the table to be deleted by execution of the REVOKE statement (viewed tables for other schemas) are deleted or invalidated.
-
The foreign keys that use as the referenced table the table to be deleted by execution of the REVOKE statement (foreign keys for other schemas) are also deleted.
For details about deleting schemas, see 11.9.2 Deleting a schema. If the base table defined in the schema is non-updatable, temporary work files created by the interrupted command might remain.
-
- Specification example 2
-
The CONNECT privilege and schema definition privilege that were granted to HADB users ADBUSER03 and ADBUSER04 are revoked. However, if ADBUSER03 and ADBUSER04 own schemas, the execution of the REVOKE statement is halted.
REVOKE CONNECT,SCHEMA FROM "ADBUSER03","ADBUSER04" RESTRICT
If the REVOKE statement is executed when ADBUSER03 owns schemas but ADBUSER04 does not own schemas, execution of the REVOKE statement is halted on both ADBUSER03 and ADBUSER04.
For details about the REVOKE statement, see REVOKE (revoke privileges) in Definition SQL in the manual HADB SQL Reference.
- Important
-
You cannot revoke the CONNECT privilege or schema definition privilege of an HADB user who has the audit privilege.