REVOKE ROLE

Removes a role from a user.

Syntax

REVOKE ROLE <role_name> FROM { USER <user_name> }

Examples

Grant Privileges to a User

Create a user:

CREATE USER user1 IDENTIFIED BY 'abc123';

Grant the ALL privilege on all existing tables in the default database to the user user1:

GRANT ALL ON default.* TO user1;
SHOW GRANTS FOR user1;
+-----------------------------------------+
| Grants                                  |
+-----------------------------------------+
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
+-----------------------------------------+

Grant Privileges to a Role

Grant the SELECT privilege on all existing tables in the mydb database to the role role1:

Create the role:

CREATE ROLE role1;

Grant privileges to the role:

GRANT SELECT ON mydb.* TO ROLE role1;

Show the grants for the role:

SHOW GRANTS FOR ROLE role1;
+-------------------------------------+
| Grants                              |
+-------------------------------------+
| GRANT SELECT ON 'mydb'.* TO 'role1' |
+-------------------------------------+

Grant a Role to a User

The grants for user user1 are:

SHOW GRANTS FOR user1;
+-----------------------------------------+
| Grants                                  |
+-----------------------------------------+
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
| GRANT ALL ON *.* TO 'user1'@'%'         |
+-----------------------------------------+

The grants for role role1 are:

SHOW GRANTS FOR ROLE role1;
+-------------------------------------+
| Grants                              |
+-------------------------------------+
| GRANT SELECT ON 'mydb'.* TO 'role1' |
+-------------------------------------+

Grant role role1 to user user1:

GRANT ROLE role1 TO user1;

The grants for user user1 now include the role's privileges:

SHOW GRANTS FOR user1;
+-----------------------------------------+
| Grants                                  |
+-----------------------------------------+
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
| GRANT ALL ON *.* TO 'user1'@'%'         |
| GRANT SELECT ON 'mydb'.* TO 'role1'     |
+-----------------------------------------+

Revoke Role From a User

REVOKE ROLE role1 FROM USER user1;
SHOW GRANTS FOR user1;
+-----------------------------------------+
| Grants                                  |
+-----------------------------------------+
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
| GRANT ALL ON *.* TO 'user1'@'%'         |
+-----------------------------------------+
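
A check to run after the revoke above, as an added example that is not part of the original documentation: it parses the SHOW GRANTS rows shown on this page (embedded as sample input) and reports whether the privileges that came from role1 are still covered by a grant user1 holds directly. The function names and the overlap model (ALL covers any privilege, * matches any database or table name) are assumptions of this example.

```python
import re

# Sample input: SHOW GRANTS FOR user1 rows as shown on this page,
# before and after REVOKE ROLE role1 FROM USER user1.
BEFORE = """
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
| GRANT ALL ON *.* TO 'user1'@'%'         |
| GRANT SELECT ON 'mydb'.* TO 'role1'     |
"""
AFTER = """
| GRANT ALL ON 'default'.* TO 'user1'@'%' |
| GRANT ALL ON *.* TO 'user1'@'%'         |
"""

GRANT_RE = re.compile(r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+(?P<who>\S+)")

def parse_grants(table):
    """Return {(privileges, object, grantee)} parsed from SHOW GRANTS output."""
    grants = set()
    for line in table.splitlines():
        m = GRANT_RE.search(line)  # border and "Grants" header lines do not match
        if m:
            privs = frozenset(p.strip().upper() for p in m["privs"].split(","))
            obj = m["obj"].replace("'", "")
            who = m["who"].split("@")[0].strip("'")
            grants.add((privs, obj, who))
    return grants

def covers(grant, target):
    """Assumed overlap model: ALL covers any privilege, * matches any name."""
    (gp, gobj, _), (tp, tobj, _) = grant, target
    gdb, _, gtbl = gobj.partition(".")
    tdb, _, ttbl = tobj.partition(".")
    return ("ALL" in gp or tp <= gp) and gdb in ("*", tdb) and gtbl in ("*", ttbl)

def audit_revoke(before, after, role):
    """Compare grants around a REVOKE ROLE and flag access that survives it."""
    b, a = parse_grants(before), parse_grants(after)
    removed = b - a                                  # rows that disappeared
    still_listed = {g for g in a if g[2] == role}    # role rows still shown
    still_effective = {r for r in removed if any(covers(g, r) for g in a)}
    return removed, still_listed, still_effective

if __name__ == "__main__":
    removed, listed, effective = audit_revoke(BEFORE, AFTER, "role1")
    for privs, obj, who in sorted(removed, key=str):
        state = "still covered by a direct grant" if (privs, obj, who) in effective else "gone"
        print(f"{','.join(sorted(privs))} ON {obj} via {who}: {state}")
```

On the output shown on this page, the role1 row disappears after the revoke, but the direct GRANT ALL ON *.* row remains, so under the assumed overlap model user1 can still read mydb until that direct grant is also reviewed.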