REVOKE
The REVOKE statement removes privileges that were previously granted to a role with GRANT. Only a superuser can revoke privileges.
For the privilege levels and types that apply to each object, see Privilege levels.
Syntax
Revoke on a table
REVOKE { privilege [, ...] | ALL [PRIVILEGES] } ON TABLE table_name FROM role_name;Revoke on an external source
REVOKE { SELECT | ALL [PRIVILEGES] } ON EXTERNAL SOURCE catalog_name FROM role_name;
REVOKE { SELECT | ALL [PRIVILEGES] } ON EXTERNAL SOURCE catalog_name => 'pattern' FROM role_name;-
pattern: A string literal that matches a relation name. The wildcard*is only allowed at the end of the pattern.
Behavior
-
Pattern that matches no existing grant. When revoking on an external source with a non-wildcard pattern, the statement errors if the pattern does not match any existing grant for the role. List current grants with
SELECT * FROM information_schema.role_external_relation_grants. -
Catalog-level revoke is idempotent. The catalog-level form (no pattern) is idempotent and silently no-ops if no grants exist for the role on that source. Cleanup scripts can safely run it.
-
Wildcard grants cannot be partially revoked. If a role has a wildcard grant (for example
''or'orders_'), you cannot punch a hole in it. Revoke the wildcard grant in full, then re-grant the narrower pattern you want.
Examples
Revoke SELECT on a single topic:
REVOKE SELECT ON EXTERNAL SOURCE default_redpanda_catalog => 'orders' FROM "alice@example.com";Revoke a wildcard grant:
REVOKE SELECT ON EXTERNAL SOURCE default_redpanda_catalog => 'orders_*' FROM "alice@example.com";Revoke all grants on a catalog:
REVOKE SELECT ON EXTERNAL SOURCE default_redpanda_catalog FROM "alice@example.com";Revoke USAGE on a schema:
REVOKE USAGE ON SCHEMA public FROM "alice@example.com";