Database Reference
In-Depth Information
Revoking access
Let us say that, having slept on it, we've reconsidered the decision to give the data analytics
team read/write access to the
status_update_views
table. After all, the data in that
table is generated automatically by the application, and there's no need for the analytics
team to be able to modify it. Happily, we can revoke that permission just as easily as we
granted it, using the
REVOKE
command:
REVOKE MODIFY PERMISSION
ON "my_status"."status_update_views"
FROM 'data_analytics';
The syntax of the
REVOKE
command is identical to that of the
GRANT
command, except
that the
TO
keyword is replaced by
FROM
. We can check the
sys-
tem_auth.permissions
table to satisfy ourselves that the permissions are how we'd
like:
We can rest easy knowing that the only remaining access granted to the analytics team is
keyspace-wide read-only permissions.
Note