User List
The authorization identifiers (or the PUBLIC keyword) that follow the FROM keyword of REVOKE specify who loses the revoked privileges or revoked roles. If you use the PUBLIC keyword as the user list, the REVOKE statement revokes the specified privileges or roles from PUBLIC, thereby revoking them from all users to whom the privileges or roles have not been explicitly granted, or who do not hold some other role through which they have received the role or privilege.
| Element | Description | Restrictions | Syntax |
|---|---|---|---|
| user | Login name of a user whose privilege or role you are revoking | Must be a valid authorization identifier | Owner name |
Spell the user names in the list exactly as they were spelled in the GRANT statement. You can optionally use quotation marks around each user name in the list to preserve the lettercase. In an ANSI-compliant database, if you do not use quotation marks to delimit user, the name of the user is stored in uppercase letters unless the ANSIOWNER environment variable was set to 1 before the database server was initialized.
When you specify login names, you can use the REVOKE statement and the GRANT statement to secure various types of database objects selectively. For examples, see When to Use REVOKE Before GRANT.