> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kinetica.com/llms.txt
> Use this file to discover all available pages before exploring further.

# /revoke/permission

```
URL: http://<db.host>:<db.port>/revoke/permission
```

Revoke user or role the specified permission on the specified object.

## Input Parameter Description

<ParamField body="principal" type="string">
  Name of the user or role for which the permission is being revoked.  Must be an existing user or role.

  The default value is ''.
</ParamField>

<ParamField body="object" type="string">
  Name of object permission is being revoked from. It is recommended to use a fully-qualified name when possible.
</ParamField>

<ParamField body="object_type" type="string">
  The type of object being revoked.

  * **catalog**: Catalog
  * **context**: Context
  * **credential**: Credential
  * **datasink**: Data Sink
  * **datasource**: Data Source
  * **directory**: KIFS File Directory
  * **graph**: A Graph object
  * **proc**: UDF Procedure
  * **schema**: Schema
  * **sql\_proc**: SQL Procedure
  * **system**: System-level access
  * **table**: Database Table
  * **table\_monitor**: Table monitor
</ParamField>

<ParamField body="permission" type="string">
  Permission being revoked.

  * **admin**: Full read/write and administrative access on the object.
  * **connect**: Connect access on the given data source or data sink.
  * **create**: Ability to create new objects of this type.
  * **delete**: Delete rows from tables.
  * **execute**: Ability to Execute the Procedure object.
  * **insert**: Insert access to tables.
  * **monitor**: Monitor logs and statistics.
  * **read**: Ability to read, list and use the object.
  * **send\_alert**: Ability to send system alerts.
  * **update**: Update access to the table.
  * **user\_admin**: Access to administer users and roles that do not have system\_admin permission.
  * **write**: Access to write, change and delete objects.
</ParamField>

<ParamField body="options" type="map of string to strings">
  Optional parameters.

  The default value is an empty map ( \{} ).

  <Expandable title="options">
    <ParamField body="columns">
      Revoke table security from these columns, comma-separated.

      The default value is ''.
    </ParamField>
  </Expandable>
</ParamField>

## Output Parameter Description

The Kinetica server embeds the endpoint response inside a standard response structure which contains status information and the actual response to the query.  Here is a description of the various fields of the wrapper:

<ResponseField name="status" type="String">
  'OK' or 'ERROR'
</ResponseField>

<ResponseField name="message" type="String">
  Empty if success or an error message
</ResponseField>

<ResponseField name="data_type" type="String">
  'revoke\_permission\_response' or 'none' in case of an error
</ResponseField>

<ResponseField name="data" type="String">
  Empty string
</ResponseField>

<ResponseField name="data_str" type="JSON or String">
  This embedded JSON represents the result of the /revoke/permission endpoint:

  <Expandable title="data_str">
    <ResponseField name="principal" type="string">
      Value of input parameter *principal*.
    </ResponseField>

    <ResponseField name="object" type="string">
      Value of input parameter *object*.
    </ResponseField>

    <ResponseField name="object_type" type="string">
      Value of input parameter *object\_type*.
    </ResponseField>

    <ResponseField name="permission" type="string">
      Value of input parameter *permission*.
    </ResponseField>

    <ResponseField name="info" type="map of string to strings">
      Additional information.
    </ResponseField>
  </Expandable>

  Empty string in case of an error.
</ResponseField>
