Skip to main content

REVOKE permission (bSQL) | Blockpoint Docs

Revokes permissions on a database or blockchain. For examples, see Examples.

bSQL Syntax Conventions

Syntax

REVOKE <database_principal> <permission> ON   
[database_name/database_name.blockchain_name]

<permission> ::=
CONTROL
| MANAGEMENT
| AUTH
| ALTER
| WRITE
| INSERT
| AMEND
| DISCONTINUE
| READ

<database_principal> ::=
Database_user
| Database_role

Arguments

permission
Specifies the type of permission you wish to grant, for a complete list of permission definitions see Database Roles and Permissions.

database_name
Specifies a database.

blockchain_name
Specifies a blockchain.

Database_user
Specifies a database user.

Database_role
Specifies a database role.

Permissions

Requires AUTH permission on the database if specifying permissions for a Database_user. If specifying permissions for a Database_role the user must be the owner or belong to the ownership role.

Remarks

When specifying the control permission all permissions on the blockchain or database are subsequently revoked. The command errors if it is coupled with redundant permissions.

Examples

Basic Syntax

Examples in this section demonstrate the basic functionality of the REVOKE statement using the minimum required syntax and use the Demo Database.

A. Revoking MANAGEMENT permission to a new database role.

The following example creates a role name "newrole", adds MANAGEMENT permissions on the financial database, and then revokes the permissions that were added.

CREATE ROLE newrole
GRANT newRole MANAGEMENT ON financial
REVOKE newRole MANAGEMENT ON financial

B. Revoking multiple permissions from a role.

The following example revokes WRITE and READ permissions from the analytics role on the blockchain pricing in the financial database.

NOTE

Revoking WRITE subsequently revokes all sub-permission: INSERT, AMEND, and DISCONTINUE.

REVOKE analytics WRITE READ ON financial.pricing

See Also