URL: http://GPUDB_IP_ADDRESS:GPUDB_PORT/revoke/permission

Revoke user or role the specified permission on the specified object.

Input Parameter Description

Name Type Description
principal string Name of the user or role for which the permission is being revoked. Must be an existing user or role. The default value is ''.
object string Name of object permission is being revoked from. It is recommended to use a fully-qualified name when possible.
object_type string

The type of object being revoked

Supported Values Description
credential Credential
datasink Data Sink
datasource Data Source
directory KIFS File Directory
graph A Graph object
proc UDF Procedure
schema Schema
sql_proc SQL Procedure
system System-level access
table Database Table
table_monitor Table monitor
permission string

Permission being revoked.

Supported Values Description
admin Full read/write and administrative access on the object.
connect Connect access on the given data source or data sink.
delete Delete rows from tables.
execute Ability to Execute the Procedure object.
insert Insert access to tables.
read Ability to read, list and use the object.
update Update access to the table.
user_admin Access to administer users and roles that do not have system_admin permission.
write Access to write, change and delete objects.
options map of string to strings

Optional parameters. The default value is an empty map ( {} ).

Supported Parameters (keys) Parameter Description
columns Revoke table security from these columns, comma-separated. The default value is ''.

Output Parameter Description

The GPUdb server embeds the endpoint response inside a standard response structure which contains status information and the actual response to the query. Here is a description of the various fields of the wrapper:

Name Type Description
status String 'OK' or 'ERROR'
message String Empty if success or an error message
data_type String 'revoke_permission_response' or 'none' in case of an error
data String Empty string
data_str JSON or String

This embedded JSON represents the result of the /revoke/permission endpoint:

Name Type Description
principal string Value of input parameter principal.
object string Value of input parameter object.
object_type string Value of input parameter object_type.
permission string Value of input parameter permission.
info map of string to strings Additional information.

Empty string in case of an error.