Revoke user permissions.
REVOKE permission_name PERMISSION | REVOKE ALL PERMISSIONS ON resource FROM user_name
permission_name is one of these:
resource is one of these:
- ALL KEYSPACES
- KEYSPACE keyspace_name
- TABLE keyspace_name.table_name
In the synopsis section of each statement, formatting has the following meaning:
- Uppercase means literal
- Lowercase means not literal
- Italics mean optional
- The pipe (|) symbol means OR or AND/OR
- Ellipsis (...) means repeatable
- « means a non-literal, open parenthesis used to indicate scope
- » means a non-literal, close parenthesis used to indicate scope
A semicolon that terminates CQL statements is not included in the synopsis.
Permissions to access all keyspaces, a named keyspace, or a table can be revoked from a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.
Table 1 lists the permissions needed to use CQL statements:
REVOKE SELECT ON ravens.plays FROM boone;
The user boone can no longer perform SELECT queries on the ravens.plays table. Exceptions: Because of inheritance, the user can perform SELECT queries on revens.plays if one of these conditions is met:
- The user is a superuser.
- The user has SELECT on ALL KEYSPACES permissions.
- The user has SELECT on the ravens keyspace.