REVOKE

The REVOKE statement removes one or more RBAC roles from specific users or groups.

Roles can be of the following two types:

simple

Roles which apply generically to all keyspaces/resources in the cluster.

For example: cluster_admin or bucket_admin

parameterized by a keyspace

Roles which are defined for the context of the specified keyspace only. Specify the keyspace name after the keyword ON.

For example: data_reader ON `travel-sample`
or query_select ON `travel-sample`.`inventory`.`airline`

Prerequisites

To execute this statement in the Capella UI, you must have one of the following roles:

You cannot execute this statement using cluster access credentials.

Syntax

revoke ::= revoke-user | revoke-group
revoke-user ::= 'REVOKE' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
           'FROM' ( 'USER' | 'USERS' )? user ( ',' user )*
revoke-group ::= 'REVOKE' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
           'FROM' ( 'GROUP' | 'GROUPS' ) group ( ',' group )*
role

One of the RBAC role names predefined by Couchbase Capella.

For the following roles, you can use their short forms as well:

  • query_select → select

  • query_insert → insert

  • query_update → update

  • query_delete → delete

keyspace-ref

See Keyspace Reference.

user

A user name created by the Couchbase Capella RBAC system.

Keyspace Reference

keyspace-ref ::= keyspace-path | keyspace-partial
keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
keyspace-partial ::= collection

The simple name or fully qualified name of a keyspace. For more information about the syntax, see the CREATE INDEX statement.

Examples

Example 1. Revoke the Cluster Admin role from multiple users
REVOKE cluster_admin FROM david, michael, robin
Example 2. Revoke Query Select and Data Reader roles on the travel-sample keyspace from a specific user
REVOKE query_select, data_reader
  ON `travel-sample`
  FROM debby
Example 3. Revoke the Data Reader role on the travel-sample keyspace from a specific group
REVOKE query_update
  ON `travel-sample`
  FROM GROUP sales