RDB/VMS SQL REVOKE — VMS RDB_4.0
Removes privileges from or entirely deletes an entry in a database, table, or column ACL.
REVOKE ─┬─> schema-privs ─> ON SCHEMA AUTHORIZATION ─┬─> auth-id ─┬───┐
        │                                            └───── , <───┘   │
        ├─> table-privs ─> ON ─┬───────────┬─┬─┬─> table-name ──┬─┬───┤
        │                      └─> TABLE ──┘ │ └─> view-name ───┘ │   │
        │                                    └───────── , <───────┘   │
        └─> column-privs ─> ON COLUMN ──┬─> column-name ──┬───────────┘
                                        └─────── , <──────┘
 ┌─────────────────────────────────<──────────────────────────────────┘
 └─> FROM ─┬┬─> identifier ─┬┬──────────────────────────┬─┬───> ;
           │└─> PUBLIC ─────┘├─> AFTER ┬─> identifier ┬─┤ │
           │                 │         └─> PUBLIC ────┘ │ │
           │                 └─> POSITION n ────────────┘ │
           └────────────────── , <────────────────────────┘
More Information
The REVOKE statement removes privileges from or entirely deletes
an entry to the Rdb/VMS access control list (ACL) for a
database, table, or column. Each entry in an ACL consists of an
identifier and a list of privileges assigned to the identifier:
o Each identifier specifies a user or a set of users.
o The list of privileges specifies what operations that user
or user group can perform on the database or table.
When a user tries to perform an operation on a database, SQL
reads the associated ACL from top to bottom, comparing the
identifier of the user with each entry. As soon as SQL finds
the first match, it revokes the rights listed in that entry and
stops the search. All UICs that do not match a previous entry
"fall through" to the entry [*,*], if it exists. If there is no
entry with the UIC [*,*], then unmatched UICs are denied all
access to the database or relation.
For this reason both the entries themselves and their order in
the list are important.
schema privs
One or more of the following privileges you want to remove from an existing access privilege set entry or create in a new one:
schema-privs=
 ────┬───┬─┬─> SELECT ─────┬─┬────┬─>
     │   │ ├─> INSERT ─────┤ │    │
     │   │ ├─> OPERATOR ───┤ │    │
     │   │ ├─> DELETE ─────┤ │    │
     │   │ ├─> CREATETAB ──┤ │    │
     │   │ ├─> ALTER ──────┤ │    │
     │   │ ├─> DROP ───────┤ │    │
     │   │ ├─> DBCTRL ─────┤ │    │
     │   │ ├─> DBADM ──────┤ │    │
     │   │ ├─> SHOW ───────┤ │    │
     │   │ ├─> REFERENCES ─┤ │    │
     │   │ ├─> UPDATE ─────┤ │    │
     │   │ ├─> SECURITY ───┤ │    │
     │   │ └─> DISTRIBTRAN ┘ │    │
     │   └────────, <────────┘    │
     └───┬───> ALL PRIVILEGES ─┬──┘
         └───> ENTRY ──────────┘
To revoke all privileges on the schema, specify the ALL keyword instead of a set of privileges. To delete an ACL entry altogether, specify the ENTRY keyword.
You must declare all schemas that you refer to in a REVOKE statement. If you use the default schema declaration, you must use the authorization identifier RDB$DBHANDLE to work with the access privilege set for the schema.
table privs
One or more of the following privileges you want to remove from an existing access privilege set entry or create in a new one:
table-privs=
 ─┬──┬─┬─> SELECT ─────────────────────────────┬─┬──┬──>
  │  │ ├─> INSERT ─────────────────────────────┤ │  │
  │  │ ├─> OPERATOR ───────────────────────────┤ │  │
  │  │ ├─> DELETE ─────────────────────────────┤ │  │
  │  │ ├─> CREATETAB ──────────────────────────┤ │  │
  │  │ ├─> ALTER ──────────────────────────────┤ │  │
  │  │ ├─> DROP ───────────────────────────────┤ │  │
  │  │ ├─> DBCTRL ─────────────────────────────┤ │  │
  │  │ ├─> SHOW ───────────────────────────────┤ │  │
  │  │ ├─> REFERENCES ┬────────────────────────┤ │  │
  │  │ │              └>( ┬> column-name ┬> )──┤ │  │
  │  │ │                  └───── , <─────┘     │ │  │
  │  │ └─> UPDATE ─┬───────────────────────────┤ │  │
  │  │             └>( ┬> column-name ┬────> )─┘ │  │
  │  │                 └───── , <─────┘          │  │
  │  └─────────────────── , <────────────────────┘  │
  └───┬──> ALL PRIVILEGES ──┬───────────────────────┘
      └──> ENTRY ───────────┘
To revoke all privileges on the table, specify the ALL keyword instead of a set of privileges. To delete an ACL entry altogether, specify the ENTRY keyword.
column privs
One or more of the following privileges you want to remove from an existing access privilege set entry or create in a new one:
column-privs=
 ───┬─┬─┬─> UPDATE ─────┬─┬──┬──>
    │ │ └─> REFERENCES ─┘ │  │
    │ └─────── , <────────┘  │
    └───┬─> ALL PRIVILEGES ─┬┘
        └─> ENTRY ──────────┘
To revoke all privileges on the column, specify the ALL keyword instead of a set of privileges. To delete an ACL entry altogether, specify the ENTRY keyword.
identifier
Specifies the identifiers for the ACL entry to be modified or
deleted.
identifier =
 ──┬─┬─> uic-identifier ─────┬─┬─>
   │ ├─> general-identifier ─┤ │
   │ └─> system-identifier ──┘ │
   └──────────── + <───────────┘
The identifiers are standard VMS identifiers. There are three
types: UIC identifiers, general identifiers, and system-defined
identifiers.
Specifying PUBLIC is equivalent to using the UIC identifier
[*,*]. You can specify more than one identifier by combining
them with plus signs (+). Such identifiers are called multiple
identifiers. They identify only users who are common to all the
groups defined by the individual identifiers. Users who do not
match all the identifiers are not controlled by that entry.
AFTER
Specifies the position of the entry within the ACL to be modified or deleted. If you omit the AFTER argument, SQL searches the entire ACL for an identifier list that matches the one specified in the FROM clause of the REVOKE statement. If it finds a match, it modifies the ACL entry by deleting the privileges specified in the privilege list. If there is no match, SQL generates an error and the REVOKE statement has no effect on the ACL.
In the AFTER argument, the identifier specifies the entry in the ACL after which SQL begins its search for the entry to be modified or deleted. If none of the entries in the ACL has an identifier that matches the identifier specified in the AFTER argument, SQL generates an error and the statement fails.
Starting after the entry specified by the identifier in the AFTER argument, SQL searches entries in the ACL. If an entry has an identifier that matches the identifier specified by the FROM clause of the REVOKE statement, SQL modifies or deletes that ACL entry. If none of the entries has an identifier that matches the identifier specified by the FROM clause of the REVOKE statement, SQL generates an error and the statement fails (even if an entry before the position at which SQL began its search had an identifier that matched).
Specifying PUBLIC in the AFTER clause is the same as specifying the UIC identifier [*,*].
At the column level, you can only revoke a column privilege that has been explicitly granted for a column.
POSITION
Specifies the position of the entry within the ACL to be modified or deleted. If you omit the POSITION argument, SQL searches the entire ACL for an identifier list that matches the one specified in the FROM clause of the REVOKE statement. If it finds a match, it modifies the ACL entry by deleting the privileges specified in the privilege list. If there is no match, SQL generates an error and the REVOKE statement has no effect on the ACL.
In the POSITION argument, the integer specifies the earliest relative position in the ACL of the entry to be modified or deleted. If the integer is larger than the number of entries in the ACL, SQL generates an error and the statement fails. Starting with the position specified by the POSITION argument, SQL searches entries in the ACL. If an entry has an identifier that matches the identifier specified by the FROM clause of the REVOKE statement, SQL modifies or deletes that ACL entry.
If none of the entries has an identifier that matches the identifier specified by the FROM clause of the REVOKE statement, SQL generates an error and the statement fails (even if an entry before the position at which SQL began its search had an identifier that matched).
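The AFTER and POSITION search rules described above, modelled in Python as an added example (not Rdb/VMS code or output). The names revoke() and RevokeError, the sample ACL, case-insensitive identifier comparison, leaving an empty entry in place for ALL, and using the first entry that matches AFTER as the search anchor are assumptions of this model.

```python
PUBLIC = "[*,*]"

class RevokeError(Exception):
    """Stands in for the SQL error; the caller's ACL is left unchanged."""

def _norm(ident):
    # PUBLIC is equivalent to [*,*]; "A+B" is a multiple identifier.
    return frozenset(PUBLIC if p.strip().upper() == "PUBLIC" else p.strip().upper()
                     for p in ident.split("+"))

def revoke(acl, privs, frm, after=None, position=None):
    """acl: ordered list of (identifier, set_of_privileges); returns a new list.
    privs: a set of privilege names, or the string "ALL" or "ENTRY"."""
    start = 0                        # no AFTER/POSITION: search the entire ACL
    if after is not None:
        hits = [i for i, (ident, _) in enumerate(acl) if _norm(ident) == _norm(after)]
        if not hits:
            raise RevokeError("no ACL entry matches the AFTER identifier")
        start = hits[0] + 1          # assumption: first matching entry anchors the search
    elif position is not None:
        if position > len(acl):
            raise RevokeError("POSITION is larger than the number of entries")
        start = position - 1         # positions are 1-based; entry n itself is searched
    for i in range(start, len(acl)):
        ident, held = acl[i]
        if _norm(ident) == _norm(frm):
            if privs == "ENTRY":     # delete the ACL entry altogether
                return acl[:i] + acl[i + 1:]
            left = set() if privs == "ALL" else set(held) - set(privs)
            return acl[:i] + [(ident, left)] + acl[i + 1:]
    # Entries before `start` are never considered, even if they match FROM.
    raise RevokeError("no ACL entry at or after the start position matches FROM")

# Constructed sample ACL; identifiers and privileges are made up for the example.
SAMPLE_ACL = [
    ("[SALES,JONES]", {"SELECT", "INSERT", "UPDATE"}),
    ("PAYROLL+INTERACTIVE", {"SELECT", "UPDATE"}),
    ("[SALES,JONES]", {"SELECT", "DELETE"}),
    ("[*,*]", {"SELECT"}),
]
```

With the sample ACL, revoking from PAYROLL+INTERACTIVE with position=3 raises RevokeError although entry 2 matches, which is the "even if an entry before the position ... matched" case.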