REVOKEpriv_type[(column_list)] [,priv_type[(column_list)]] ... ON [object_type]priv_levelFROMuser_or_role[,user_or_role] ... REVOKE ALL [PRIVILEGES], GRANT OPTION FROMuser_or_role[,user_or_role] ... REVOKE PROXY ONuser_or_roleFROMuser_or_role[,user_or_role] ... REVOKErole[,role] ... FROMuser_or_role[,user_or_role] ...user_or_role: {user(see Section 6.2.4, “Specifying Account Names”) |role(see Section 6.2.5, “Specifying Role Names”. }
The REVOKE statement enables system administrators to revoke privileges and roles, which can be revoked from user accounts and roles.REVOKE语句使系统管理员能够撤销权限和角色,这些权限和角色可以从用户帐户和角色中撤销。
For details on the levels at which privileges exist, the permissible 有关权限存在的级别、允许的priv_type, priv_level, and object_type values, and the syntax for specifying users and passwords, see Section 13.7.1.6, “GRANT Statement”.priv_type、priv_level和object_type值以及指定用户和密码的语法的详细信息,请参阅第13.7.1.6节,“GRANT语句”。
For information about roles, see Section 6.2.10, “Using Roles”.有关角色的信息,请参阅第6.2.10节,“使用角色”。
When the 启用read_only system variable is enabled, REVOKE requires the CONNECTION_ADMIN or privilege (or the deprecated SUPER privilege), in addition to any other required privileges described in the following discussion.read_only系统变量时,除了以下讨论中描述的任何其他所需权限外,REVOKE还需要CONNECTION_ADMIN或权限(或不推荐的SUPER权限)。
REVOKE either succeeds for all named users and roles or rolls back and has no effect if any error occurs. REVOKE要么对所有命名用户和角色成功,要么回滚,如果发生任何错误,则不会生效。The statement is written to the binary log only if it succeeds for all named users and roles.只有在所有命名用户和角色都成功时,该语句才会写入二进制日志。
Each account name uses the format described in Section 6.2.4, “Specifying Account Names”. 每个账户名称使用第6.2.4节,“指定账户名称”中描述的格式。Each role name uses the format described in Section 6.2.5, “Specifying Role Names”. 每个角色名称使用第6.2.5节,“指定角色名称”中描述的格式。For example:例如:
REVOKE INSERT ON *.* FROM 'jeffrey'@'localhost'; REVOKE 'role1', 'role2' FROM 'user1'@'localhost', 'user2'@'localhost'; REVOKE SELECT ON world.* FROM 'role3';
The host name part of the account or role name, if omitted, defaults to 帐户或角色名的主机名部分(如果省略)默认为'%'.'%'。
To use the first 要使用第一个REVOKE syntax, you must have the GRANT OPTION privilege, and you must have the privileges that you are revoking.REVOKE语法,您必须具有GRANT OPTION权限,并且必须具有要撤销的权限。
To revoke all privileges, use the second syntax, which drops all global, database, table, column, and routine privileges for the named users or roles:要撤销所有权限,请使用第二种语法,它会删除命名用户或角色的所有全局、数据库、表、列和例程权限:
REVOKE ALL PRIVILEGES, GRANT OPTION FROMuser_or_role[,user_or_role] ...
REVOKE ALL PRIVILEGES, GRANT OPTION does not revoke any roles.不会撤销任何角色。
To use this 要使用此REVOKE syntax, you must have the global CREATE USER privilege, or the UPDATE privilege for the mysql system schema.REVOKE语法,您必须具有全局CREATE USER权限,或mysql系统架构的UPDATE权限。
The syntax for which the REVOKE keyword is followed by one or more role names takes a FROM clause indicating one or more users or roles from which to revoke the roles.REVOKE关键字后跟一个或多个角色名称的语法采用FROM子句,该子句指示要从中撤销角色的一个或多个用户或角色。
Roles named in the 无法撤销在mandatory_roles system variable value cannot be revoked.mandatory_roles系统变量值中命名的角色。
A revoked role immediately affects any user account from which it was revoked, such that within any current session for the account, its privileges are adjusted for the next statement executed.被撤销的角色会立即影响其被撤销的任何用户帐户,因此在该帐户的任何当前会话中,其权限会针对执行的下一条语句进行调整。
Revoking a role revokes the role itself, not the privileges that it represents. 撤销角色会撤销角色本身,而不是它所代表的特权。Suppose that an account is granted a role that includes a given privilege, and is also granted the privilege explicitly or another role that includes the privilege. 假设一个帐户被授予一个包含给定权限的角色,并且还被明确授予该权限或包含该权限的另一个角色。In this case, the account still possesses that privilege if the first role is revoked. 在这种情况下,如果第一个角色被撤销,帐户仍然拥有该特权。For example, if an account is granted two roles that each include 例如,如果一个帐户被授予了两个角色,每个角色都包含SELECT, the account still can select after either role is revoked.SELECT,则在撤销任一角色后,该帐户仍可以进行选择。
REVOKE ALL ON *.* (at the global level) revokes all granted static global privileges and all granted dynamic privileges.(在全局级别)撤销所有授予的静态全局权限和所有授予的动态权限。
User accounts and roles from which privileges and roles are to be revoked must exist, but the privileges and roles to be revoked need not be currently granted to them.要从中撤销权限和角色的用户帐户和角色必须存在,但要撤销的权限和角色当前无需授予它们。
A revoked privilege that is granted but not known to the server is revoked with a warning. 已授予但服务器未知的已撤销权限将被撤销,并显示警告。This situtation can occur for dynamic privileges. 这种情况可能发生在动态权限中。For example, a dynamic privilege can be granted while the component that registers it is installed, but if that component is subsequently uninstalled, the privilege becomes unregistered, although accounts that possess the privilege still possess it and it can be revoked from them.例如,可以在安装注册动态权限的组件时授予该权限,但如果该组件随后被卸载,则该权限将被取消注册,尽管拥有该权限的帐户仍然拥有该权限,并且可以从这些帐户中撤销该权限。
REVOKE removes privileges, but does not remove rows from the mysql.user system table. REVOKE删除权限,但不从mysql.user系统表中删除行。To remove a user account entirely, use 要完全删除用户帐户,请使用DROP USER. DROP USER。See Section 13.7.1.5, “DROP USER Statement”.请参阅第13.7.1.5节,“DROP USER语句”。
If the grant tables hold privilege rows that contain mixed-case database or table names and the 如果授权表包含包含大小写混合的数据库或表名的特权行,并且lower_case_table_names system variable is set to a nonzero value, REVOKE cannot be used to revoke these privileges. lower_case_table_names系统变量设置为非零值,则REVOKE不能用于撤销这些特权。It is necessary in such cases to manipulate the grant tables directly. 在这种情况下,有必要直接操纵拨款表。((GRANT does not create such rows when lower_case_table_names is set, but such rows might have been created prior to setting the variable. GRANT在设置lower_case_table_names时不会创建此类行,但此类行可能是在设置变量之前创建的。)。The 只有在初始化服务器时才能配置lower_case_table_names setting can only be configured when initializing the server.)lower_case_table_names设置。)
When successfully executed from the mysql program, 当从mysql程序成功执行时,REVOKE responds with Query OK, 0 rows affected. REVOKE会用Query OK, 0 rows affected作为响应。To determine what privileges remain after the operation, use 要确定操作后仍保留哪些权限,请使用SHOW GRANTS. SHOW GRANTS。See Section 13.7.7.21, “SHOW GRANTS Statement”.请参阅第13.7.7.21节,“SHOW GRANTS语句”。