Top.Mail.Ru
box.schema.user.revoke() | Tarantool
 

box.schema.user.revoke()

box.schema.user.revoke()

box.schema.user.revoke(user-name, privileges, object-type, object-name[, {options}])
box.schema.user.revoke(user-name, privileges, 'universe'[, nil, {options}])
box.schema.user.revoke(user-name, role-name[, nil, nil, {options}])

Revoke privileges from a user or from another role.

Parameters:
  • user-name (string) – the name of the user.
  • privilege (string) – ‘read’ or ‘write’ or ‘execute’ or ‘create’ or ‘alter’ or ‘drop’ or a combination.
  • object-type (string) – ‘space’ or ‘function’ or ‘sequence’.
  • object-name (string) – the name of a function or space or sequence.
  • options (table) – if_exists.

The user must exist, and the object must exist, but if the option setting is {if_exists=true} then it is not an error if the user does not have the privilege.

Variation: instead of object-type, object-name say ‘universe’ which means ‘all object-types and all objects’.

Variation: instead of privilege, object-type, object-name say role-name (see section Roles).

Variation: instead of box.schema.user.revoke('user-name','usage,session','universe',nil, {if_exists=true}) say box.schema.user.disable('user-name').

Example:

box.schema.user.revoke('Lena', 'read', 'space', 'tester')
box.schema.user.revoke('Lena', 'execute', 'function', 'f')
box.schema.user.revoke('Lena', 'read,write', 'universe')
box.schema.user.revoke('Lena', 'Accountant')