Revoking privileges on schemas in SQL

24 Sep 2023

DatabaseSecurity

When working with databases, it is important to properly manage user privileges to ensure data security and integrity. In SQL, privileges can be granted to users on various database objects, including schemas. However, there may be cases where you need to revoke privileges on schemas for certain users or roles. In this blog post, we will explore how to revoke privileges on schemas in SQL.

Syntax to Revoke Privileges on Schemas

To revoke privileges on a schema, you need to use the REVOKE statement in SQL. The syntax for revoking privileges on schemas is as follows:

REVOKE privilege_type [, privilege_type, ...]
ON SCHEMA schema_name
FROM { user_name | PUBLIC | role_name } [, { user_name | PUBLIC | role_name }, ...] [ CASCADE | RESTRICT ];

Let’s break down the syntax:

REVOKE: This keyword is used to revoke privileges.
privilege_type: Specify the type of privilege(s) to be revoked, such as ALL, SELECT, INSERT, UPDATE, DELETE, etc. You can specify multiple privilege types, separated by commas.
ON SCHEMA schema_name: Specify the name of the schema from which you want to revoke privileges.
FROM { user_name | PUBLIC | role_name }: Specify the user, role, or PUBLIC (for all users) from which you want to revoke privileges. You can specify multiple users or roles, separated by commas.
CASCADE | RESTRICT (optional): This clause determines the behavior if the revoked privileges are still needed by other objects in the schema. CASCADE revokes the privileges and also revokes them on dependent objects. RESTRICT checks for dependent objects and prevents the revocation if any are found. If you omit this clause, RESTRICT is assumed.

Examples

Let’s take a look at a few examples of how to revoke privileges on schemas in SQL.

Example 1: Revoking SELECT privilege on a schema

In this example, we are revoking the SELECT privilege on a schema called employees_schema from a specific user named user1.

REVOKE SELECT ON SCHEMA employees_schema FROM user1;

Example 2: Revoking all privileges on a schema from multiple users

In this example, we are revoking all privileges on a schema called public_schema from multiple users: user1, user2, and user3.

REVOKE ALL ON SCHEMA public_schema FROM user1, user2, user3;

Example 3: Revoking privileges on a schema with CASCADE option

In this example, we are revoking the INSERT privilege on a schema called sales_schema from a role named sales_role. The CASCADE option ensures that the privileges are also revoked on dependent objects.

REVOKE INSERT ON SCHEMA sales_schema FROM sales_role CASCADE;

Conclusion

Revoking privileges on schemas is an essential aspect of database security and access control. By using the REVOKE statement in SQL, you can easily revoke specific privileges on schemas from users or roles. It is crucial to follow best practices and regularly review and manage user privileges to maintain a secure and well-structured database system.

#SQL #DatabaseSecurity