|
Any user's permissions are a combination of those that have been granted and those that have been revoked. By revoking and granting permissions, you can manage the pattern of user permissions on a database.
The REVOKE statement is the exact opposite of the GRANT statement. To disallow M_Haneef from executing my_procedure, the command is:
REVOKE EXECUTE ON my_procedure FROM M_Haneef;
The DBA or the owner of the procedure must issue this command.
When you add a user to a group, the user inherits all the permissions assigned to that group. SQL Anywhere does not allow you to revoke a subset of the permissions that a user inherits as a member of a group because you can only revoke permissions that are explicitly given by a GRANT statement. If you need to have different permissions for different users, you can create different groups with the appropriate permissions, or you can explicitly grant each user the permissions they require.
If you are revoking connect permissions or table permissions from another user, the other user must not be connected to the database. You cannot revoke connect permissions from dbo.
Permission to delete rows from sample_table may be revoked by issuing the following command:
REVOKE DELETE ON sample_table FROM M_Haneef;