REVOKE SERVICE ROLE¶
Revokes a service role from an account role, application role, or database role. For more information, see Managing access to service endpoints.
- See also:
Syntax¶
REVOKE SERVICE ROLE <name> FROM
{
ROLE <role_name> |
APPLICATION ROLE <application_role_name> |
DATABASE ROLE <database_role_name>
}
Parameters¶
nameSpecifies the identifier for the service role to revoke. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
Specify the service role name in the following format:
service-name!service-role-nameFor example,
echo_service!echoendpoint_role.ROLE role_nameName of the account role to revoke the service role from.
APPLICATION ROLE application_roleName of the application role to revoke the service role from.
DATABASE ROLE database_nameName of the database role to revoke the service role from.
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege or role |
Object |
Notes |
|---|---|---|
OWNERSHIP |
Service |
Only the service owner can revoke the service role. |
Examples¶
The following command revoke the echoendpoint_role service role defined in the echo_service service specification from the service_function_user_role role.
REVOKE SERVICE ROLE echo_service!echoendpoint_role FROM ROLE service_function_user_role;