Introduction to MySQL REVOKE
The ‘REVOKE’ function is used in MySQL to revoke all or specified access privileges from a user. This function can be used to revoke one particular access and multiple or all accesses at once, in a single query. It can remove the privileges from different database objects like an entire database, a table or at the column level. A user must have the ‘CREATE USER’ or ‘UPDATE’ privileges, as required, in order to use the ‘REVOKE’ function. This function simply takes away the access privileges from a user, keeping the user account safe at the MySQL.user system table.
The output of the REVOKE query is always a message that says ‘Query OK. 0 row(s) affected’.
Before discussing further on the REVOKE function, it would be desirable to have a strong understanding of the GRANT function and the scope and privileges of accesses in MySQL.
The ‘REVOKE’ function has three levels and the syntax goes as below:
ON [obj_type] privilege_level
FROM user1 [,user2]…;
REVOKE ALL [privileges],
FROM user1 [,user2]…;
FROM user1 [,user2]…;
- obj_type: Is the database object from which the access privilege is revoked.
- privilege_type: Is the type of privilege being revoked.
- user: Is the entity from whom the privilege is revoked.
How Does REVOKE Function Work in MySQL?
When we discuss the REVOKE access function, we need to have a user with accesses that we wish to revoke. So let’s first create a user and grant some access privileges.
CREATE USER abraham
IDENTIFIED BY 'marklist';
The new user created is ‘abraham’ and the scope is table ‘marklist’.
We have granted the new user ‘all’ access privileges for the database ‘world’.
SHOW GRANTS FOR abraham;
So the new user has all the privileges to proceed. Let’s now look on different scopes to revoke the same.
Let’s remove the update access of the user ‘abraham’.
REVOKE UPDATE ON marklist FROM abraham;
So initially the user ‘Abraham’ held the privilege to update any row or column in the table ‘marklist’. But the query has removed it.
Executing the SHOW GRANTS query after the REVOKE query displays the difference in privileges held by the user before and after the REVOKE function is executed.
To revoke all privileges from a user, we can use the REVOKE ALL syntax. Make sure you are not revoking the GRANT option, otherwise you will not be able to grant privileges back if needed.
REVOKE ALL, GRANT OPTION FROM abraham;
Executing the SHOW GRANTS query after the REVOKE query displays the difference in privileges held by the user. Now all privileges are removed from the user. User can just login to the database but has no other privileges.
When a user is granted with proxy privilege, a special revoke statement is used to take back this privilege. For now, consider the user ‘abraham’ has the proxy accesses as the ‘alina’ user. For this, let’s see what all privileges the user ‘alina’ holds and also grant the same to new user ‘abraham’.
SHOW GRANTS FOR alina;
User ‘alina’ hold all privileges except ‘UPDATE’ and ‘ALTER’ privileges. And our user ‘abraham’ holds no privileges as we checked in the last query.
Let’s grant all privileges that user ‘alina’ hold t user ‘abraham’.
This will grant all privileges to Abraham except UPDATE and ALTER privileges since ‘alina’ didn’t have these privileges. Let’s confirm this by executing SHOW GRANTS to Abraham.
If we run the REVOKE PROXY query on Abraham now, it will remove all the proxy privileges from Abraham.
The query removes those privileges which were entitled upon user ‘abraham’ as proxy from user ‘alina’.
Execute the SHOW GRANTS on ‘abraham’.
The user lost all privileges and has only login access now.
Explanation: Revoking ‘EXECUTE’ privileges on functions or procedures. The ‘REVOKE’ command can be used to take back the execute privileges on a function or procedure.
As an example, we can consider the ‘Addition’ function and user ‘abraham’. To grant the ‘EXECUTE’ privilege to this user, use the below query:
GRANT EXECUTE ON FUNCTION Addition TO abraham;
The query grants permission to user ‘abraham’ to execute the function Addition.
The EXECUTE privilege is granted to user ‘abraham’ for function Addition.
The SHOW GRANTS query is returned with the list of privileges for user ‘abraham’.
Now, let’s revoke the EXECUTE privilege from this user by REVOKE function.
REVOKE EXECUTE ON FUNCTION Addition FROM abraham;
The EXECUTE privilege is revoked for user ‘abraham’ in this query. Let’s try the SHOW GRANTS query to check the same.
An important point to note here is that, the revoke function works only for stored functions or procedures in MySQL.
We shall see an example for EXECUTE privilege revoking on the procedure as well. Consider the table world.city and procedure defined ‘CountOfCities’. To grant EXECUTE privilege for this procedure to user ‘abraham’, use below query,
GRANT EXECUTE ON PROCEDURE CountOfCities TO abraham;
The query grants execute privilege to our users on the procedure CounOfCities.
Let’s run the SHOW GRANTS query to check the privileges assigned to the user ‘abraham’.
Now, we can revoke the privilege from the user using the below query.
REVOKE EXECUTE ON PROCEDURE CountOfCities FROM abraham;
This query revokes the EXECUTE privilege from user ‘abraham’.
We can check the privilege is revoked or not by running the SHOW GRANTS query for user ‘abraham’.
So the privilege is revoked now.
Thus we saw examples to revoke privileges from a particular user at different levels.
As discussed, the REVOKE function is used to take back any granted privileges for a particular user or user list. This function retains the user details row in the system table, but removes all access privileges from the user. The REVOKE function returns constant output if executed successfully. The three levels of REVOKE function are individual privileges, ALL privileges at once and the proxy privileges entitled to any user. The same function can also remove EXECUTE privilege from any stored function or procedure.
This is a guide to the MySQL REVOKE. Here we discuss the MySQL REVOKE and the practical examples along with different subquery expressions and Output. you can also go through our suggested articles to learn more –