revoke

Syntax

revoke(userId|groupId, accessType, [objs])

Arguments

userId | groupId a string indicating a user name or a group name.

accessType is the type of privilege.

objs a string scalar/vector indicating the objects that the priviledges specified by accessType applies to.

See the privilege table in User Access Control for the values that accessType and objs can take.

Details

• Revokes specified access privileges to a user or a group of users that were previously granted or denied.

• Removes the memory limit that was previously set for a specific user. It includes the memory limit of a query result (when accessType = QUERY_RESULT_MEM_LIMIT) and the memory limit of a task group (when accessType = TASK_GROUP_MEM_LIMIT). The memory limit will be reverted to the default memory limit configured in the system.

This command can only be executed by an administrator on the controller or data node.

Examples

Revoke the privilege of the members of the group “production” to read all tables in all databases:

$ revoke(`production, TABLE_READ, "*")

Revoke the denial of the privilege of the members of the group “research” to write to the table dfs://db1/t1:

$ revoke(`research, TABLE_WRITE, "dfs://db1/t1")

Revoke the privilege of the members of the group “research” to create tables in the databases dfs://db1 and dfs://db2:

$ revoke("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])

Revoke the denial of the privilege of the user “AlexSmith” to create or delete databases:

$ revoke("AlexSmith", DB_MANAGE)

Revoke the privilege of the user “AlexSmith” to execute script:

$ revoke("AlexSmith", SCRIPT_EXEC)

Revoke the denial of the privilege of the user “AlexSmith” to test script:

$ revoke("AlexSmith", TEST_EXEC)