REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
REVOKE PROXY ON user
FROM user [, user] ...
The REVOKE statement enables
system administrators to revoke privileges from MySQL accounts.
Each account name uses the format described in
Section 5.4.3, “Specifying Account Names”. For example:
REVOKE INSERT ON *.* FROM 'jeffrey'@'localhost';
If you specify only the user name part of the account name, a
host name part of '%' is used.
For details on the levels at which privileges exist, the
permissible priv_type and
priv_level values, and the syntax for
specifying users and passwords, see Section 12.4.1.3, “GRANT Syntax”
To use the first REVOKE syntax,
you must have the GRANT OPTION
privilege, and you must have the privileges that you are
revoking.
To revoke all privileges, use the second syntax, which drops all global, database, table, column, and routine privileges for the named user or users:
REVOKE ALL PRIVILEGES, GRANT OPTION FROMuser[,user] ...
To use this REVOKE syntax, you
must have the global CREATE USER
privilege or the UPDATE privilege
for the mysql database.
REVOKE removes privileges, but
does not drop mysql.user table entries. To
remove a user account entirely, use DROP
USER (see Section 12.4.1.2, “DROP USER Syntax”) or
DELETE.
If the grant tables hold privilege rows that contain mixed-case
database or table names and the
lower_case_table_names system
variable is set to a nonzero value,
REVOKE cannot be used to revoke
these privileges. It will be necessary to manipulate the grant
tables directly. (GRANT will not
create such rows when
lower_case_table_names is set,
but such rows might have been created prior to setting the
variable.)
To verify an account's privileges after a
REVOKE operation, use
SHOW GRANTS. See
Section 12.4.5.22, “SHOW GRANTS Syntax”.