box.schema.user.revoke()

box.schema.user.revoke(username, permissions, object-type, object-name[, {options}])¶

box.schema.user.revoke(username, permissions, 'universe'[, nil, {options}])

box.schema.user.revoke(username, role-name[, nil, nil, {options}])

Revoke privileges from a user or from another role.

Parameters:

Parameters:	username (`string`) – the name of the user permissions (`string`) – one or more permissions to revoke from the user (for example, `read` or `read,write`) object-type (`string`) – a database object type to revoke permissions from (for example, `space`, `role`, or `function`) object-name (`string`) – the name of a database object to revoke permissions from options (`table`) – `if_exists`

username (string) – the name of the user
permissions (string) – one or more permissions to revoke from the user (for example, read or read,write)
object-type (string) – a database object type to revoke permissions from (for example, space, role, or function)
object-name (string) – the name of a database object to revoke permissions from
options (table) – if_exists

The user must exist, and the object must exist, but if the option setting is {if_exists=true} then it is not an error if the user does not have the privilege.

Variation: instead of object-type, object-name say ‘universe’ which means ‘all object-types and all objects’.

Variation: instead of permissions, object-type, object-name say role-name (see section Roles).

Variation: instead of box.schema.user.revoke('username','usage,session','universe',nil, {if_exists=true}) say box.schema.user.disable('username').

Example:

box.schema.user.revoke('testuser', 'write', 'space', 'books')

Version:

box.schema.user.revoke()