REVOKE
- reference
The REVOKE statement allows revoking of any RBAC roles from specific users.
Roles can be of the following two types:
- simple
-
Roles which apply generically to all keyspaces/resources in the cluster.
For example:
cluster_adminorbucket_admin - parameterized by a keyspace
-
Roles which are defined for the scope of the specified keyspace only. The keyspace name is specified after ON.
For example:
data_reader ON `travel-sample`
orquery_select ON `travel-sample`
| Only Full Administrators can run the REVOKE statement. For more details about user roles, see Authorization. |
Syntax
revoke ::= 'REVOKE' role ( ',' role )* ( 'ON' keyspace-ref ( ',' keyspace-ref )* )?
'FROM' user ( ',' user )*
- role
-
One of the RBAC role names predefined by Couchbase Server.
The following roles have short forms that can be used as well:
-
query_select→select -
query_insert→insert -
query_update→update -
query_delete→delete
-
- user
-
A user name created by the Couchbase Server RBAC system.
Keyspace Reference
keyspace-ref ::= keyspace-path | keyspace-partial
keyspace-path ::= ( namespace ':' )? bucket ( '.' scope '.' collection )?
keyspace-partial ::= collection
The simple name or fully-qualified name of a keyspace. Refer to the CREATE INDEX statement for details of the syntax.