13.2 Revoke Data Role
Use the REVOKE DATA ROLE command to remove one or more data
role grants from specified grantees (revokees).
Required privilege
The GRANT ANY DATA ROLE system privilege.
Syntax
REVOKE DATA ROLE [ IF EXISTS ] data_role_list
FROM revokee_list;
data_role_list ::= data_role [, data_role ]...
revokee_list ::= revokee [, revokee ]...
revokee ::= { end_user | application_identity | data_role }
Parameters
| Parameter | Description |
|---|---|
|
|
A comma-separated list of data roles to be revoked. Only data roles that are managed locally in the database are permitted. |
|
|
A comma-separated list of local end users, application identities, or other data roles from which the data roles are to be revoked. |
Usage notes and restrictions
- When
IF EXISTSis specified:- If any data role or revokee does not exist, the revoke is skipped for those non-existing entries and no error is raised.
- If the data role exists, it is revoked.
- When
IF EXISTSis omitted:- If any data role or revokee does not exist, an error is raised.
- If the data role exists, it is revoked.
For syntax diagrams and additional details, see REVOKE DATA ROLE in Oracle AI Database SQL Language Reference.
Example 13-5 Revoke a data role
Revoke a data role, manager_role, from a local end
user, Marvin.
REVOKE DATA ROLE manager_role FROM marvin;