REVOKE DATABASE ROLE … FROM SHARE¶

Revokes a database role from a share.

Revoking a database role effectively removes privileges on objects granted to the database role from the share, disabling access to the objects in all consumer accounts that have created a database from the share.

For more details, see About Secure Data Sharing and Create and configure shares.

Tip

You can also use the Snowflake REST APIs to perform this operation. For information, see Revoke grants from the role (REST endpoint reference).

See also:: GRANT DATABASE ROLE … TO SHARE

Syntax¶

REVOKE DATABASE ROLE <name>
  FROM SHARE <share_name>

Copy

Parameters¶

name

Specifies the identifier (i.e. name) for the database role; must be unique in the database in which the role is created.

The identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g. "My object"). Identifiers enclosed in double quotes are also case-sensitive.

If the identifier is not fully qualified (in the form of db_name.database_role_name, the command looks for the database role in the current database for the session.

share_name

Specifies the identifier for the share to which the specified database role is revoked.

Usage notes¶

None.

Examples¶

Revoke the database role dr1 in database d1 from share share1:

REVOKE DATABASE ROLE d1.dr1 FROM SHARE share1;

Copy

Was this page helpful?

Visit Snowflake

Join the conversation

Develop with Snowflake

Share your feedback

Read the latest on our blog

Get your own certification

On this page

Syntax
Parameters
Usage notes
Examples