Synopsis
Use the REVOKE ROLE
statement to revoke a role (which represents a group of permissions and the SUPERUSER status) from another role.
This statement is enabled by setting the YB-TServer flag --use_cassandra_authentication
to true
.
Syntax
Diagram
revoke_role
Grammar
revoke_role ::= REVOKE ROLE role_name FROM role_name
Where
role_name
is a text identifier.
Semantics
- Both roles must exist or an error will be raised.
- Permission
AUTHORIZE
onALL ROLES
or on the roles being used in the statement is necessary. Otherwise, an unauthorized error will be returned. - You cannot revoke a role that hasn't been granted or an error will be raised.
Examples
ycqlsh:example> REVOKE ROLE project_y from diana;