REVOKE statement revokes privileges on a
specified object from groups or users.
GRANT statement for the required privileges and the scope for SQL
ALL privilege is a distinct privilege and not a union
of all other privileges.
The following syntax is supported when Impala is using Ranger to manage authorization.
REVOKE privilege ON object_type object_name FROM USER user_name REVOKE privilege ON object_type object_name FROM GROUP group_name privilege ::= ALL | ALTER | CREATE | DROP | INSERT | REFRESH | SELECT | SELECT(column_name) object_type ::= SERVER | URI | DATABASE | TABLE
You cannot revoke a privilege granted with the
WITH GRANT OPTION. If a
privilege is granted with the
WITH GRANT OPTION, first revoke the grant
option, and then revoke the privilege.
Typically, the object name is an identifier. For URIs, it is a string literal.
The ability to grant or revoke
SELECT privilege on
specific columns is available in Impala 2.3 and higher.
Only administrative users those with
ALL privileges on the
server can use this statement.
- The Impala
REVOKEstatement is available in Impala 2.0 and higher.
- In Impala 1.4 and higher, Impala makes use of any privileges
specified by the
REVOKEstatements in Hive, when your system is configured to use the Ranger service.
Cancellation: Cannot be cancelled.
HDFS permissions: This statement does not touch any HDFS files or directories, therefore no HDFS permissions are required.