Changes to the REVOKE statement syntax

If you have applications that use the pre-16.0 REVOKE statement syntax for authorities, permissions, and groups, you should modify them to use the updated syntax for roles and privileges. The table below shows you what the statements should be changed to. Use of the old REVOKE syntax for authorities, permissions, and groups is supported but deprecated.

Pre-16.0 syntax	New syntax
REVOKE CONNECT FROM userid	No change.
REVOKE GROUP FROM userid	DROP ROLE rolename FROM USER user WITH REVOKE
REVOKE MEMBERSHIP IN GROUP groupname [,...] FROM grantee [,...]	REVOKE ROLE groupname [,...] FROM grantee [,...]
REVOKE authority FROM grantee [,...] authority : DBA \| REMOTE DBA \| BACKUP \| RESOURCE \| VALIDATE \| PROFILE \| READCLIENTFILE \| READFILE \| WRITECLIENTFILE	REVOKE ROLE rolename [,...] FROM userid [,...] role : SYS_AUTH_DBA_ROLE \| SYS_RUN_REPLICATION_ROLE \| SYS_AUTH_BACKUP_ROLE \| SYS_AUTH_RESOURCE_ROLE \| SYS_AUTH_VALIDATE_ROLE \| SYS_AUTH_PROFILE_ROLE \| SYS_AUTH_READCLIENTFILE_ROLE \| SYS_AUTH_READFILE_ROLE \| SYS_AUTH_WRITECLIENTFILE_ROLE
REVOKE PUBLISH FROM grantee	No change. However, you can also set the new PUBLIC option, db_publisher: SET OPTION PUBLIC.db_publisher=grantee
REVOKE permission [,...] ON [ owner.]object-name FROM grantee [,...] permission : ALL [ PRIVILEGES ] \| ALTER \| DELETE \| INSERT \| REFERENCES [ ( column-name, ...) ] \| SELECT [ ( column-name, ... ) ] \| UPDATE [ ( column-name, ... ) ]	No change, except to naming convention. Object-level permissions are now object-level privileges.
REVOKE EXECUTE ON [ owner.]{ procedure-name \| user-defined-function } FROM grantee [,...]	No change.
REVOKE INTEGRATED LOGIN FROM user-profile-name [,...]	No change.
REVOKE KERBEROS LOGIN FROM userid [,...] AS USER user	No change.
REVOKE CREATE ON dbspacename [,...] FROM grantee [,...]	No change.

Changes to the REVOKE statement syntax

See also