DataStax Enterprise 3.0 Documentation

REVOKE

This documentation corresponds to an earlier product version. Make sure this document corresponds to your version.

Latest DSE documentation | Earlier DSE documentation

Synopsis

REVOKE permission_name PERMISSION
| REVOKE ALL PERMISSIONS
   ON resource FROM user_name

permission_name is one of these:

  • ALTER
  • AUTHORIZE
  • CREATE
  • DROP
  • MODIFY
  • SELECT

resource is one of these:

  • ALL KEYSPACES
  • KEYSPACE keyspace_name
  • TABLE keyspace_name.table_name

Synopsis legend

Description

Permissions to access all keyspaces, a named keyspace, or a table can be revoked from a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.

This table lists the permissions needed to use CQL statements:

Permission CQL Statements
ALTER ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE GRANT, REVOKE
CREATE CREATE KEYSPACE, CREATE TABLE
DROP DROP KEYSPACE, DROP TABLE
MODIFY INSERT, DELETE, UPDATE, TRUNCATE
SELECT SELECT

Example

REVOKE SELECT ON ravens.plays FROM boone;

The user boone can no longer perform SELECT queries on the ravens.plays table. Exceptions: Because of inheritance, the user can perform SELECT queries on ravens.plays if one of these conditions is met:

  • The user is a superuser
  • The user has SELECT on ALL KEYSPACES permissions
  • The user has SELECT on the ravens keyspace