Security Policies and Grantees of Exemptions

An exemption applies only to the rules of a single security policy, whose name follows the FOR keyword. Because a protected table can have multiple security labels, but no more than one security policy, revocation of an exemption can prevent a user with insufficient security credentials from accessing data in tables that are protected by the specified security policy.

The REVOKE EXEMPTION statement fails with an error if the specified policy does not exist in the database.

The USER keyword that can follow the FROM keyword is optional, and has no effect, but any authorization identifier specified in the REVOKE EXEMPTION statement must be the identifier of an individual user, rather than the identifier of a role. This user cannot be the DBSECADM who issues the same REVOKE EXEMPTION statement.

In the following example, DBSECADM revokes an exemption from user lynette for rule IDSLBACREADARRAY of the MegaCorp security policy:
REVOKE EXEMPTION ON RULE IDSLBACREADARRAY FOR MegaCorp FROM lynette;
Revoking this exemption restores the read access rules for all array components for subsequent read operations that user lynette attempts on tables protected by security labels of the specified policy.

When the REVOKE EXEMPTION statement successfully cancels an exemption of a user, the database server updates the syssecpolicyexemptions table of the system catalog to unregister the revoked exemption (or multiple exemptions, if several users are listed after the FROM keyword).
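As an added illustration (not part of the original documentation), the following DBSECADM session shows the full lifecycle behind the statement above: the exemption is granted, confirmed in the system catalog, revoked from two users in one statement, and confirmed as unregistered; the final statement shows the error case for a nonexistent policy. The catalog column names used in the SELECT (secpolicyid, secpolicyname, grantee, exemptiontype) and the user names raj and role name auditors are assumptions for this example.

```sql
-- Added example; not from the original page. Run as DBSECADM.
-- Assumes security policy MegaCorp exists and that lynette and raj are
-- individual users (not roles).

-- Grant the array-read exemption to two users at once.
GRANT EXEMPTION ON RULE IDSLBACREADARRAY FOR MegaCorp TO lynette, raj;

-- Verify registration in the system catalog: expect one row per grantee.
-- (Column names are assumed; confirm against your server's catalog docs.)
SELECT p.secpolicyname, e.grantee, e.exemptiontype
  FROM syssecpolicyexemptions e
  JOIN syssecpolicy p ON p.secpolicyid = e.secpolicyid
 WHERE p.secpolicyname = 'MegaCorp'
   AND e.grantee IN ('lynette', 'raj');

-- Revoke from both users in a single statement.
-- The USER keyword is optional and has no effect.
REVOKE EXEMPTION ON RULE IDSLBACREADARRAY FOR MegaCorp FROM USER lynette, raj;

-- Verify unregistration: the same query should now return no rows,
-- so the IDSLBACREADARRAY read rule applies to both users again.
SELECT p.secpolicyname, e.grantee, e.exemptiontype
  FROM syssecpolicyexemptions e
  JOIN syssecpolicy p ON p.secpolicyid = e.secpolicyid
 WHERE p.secpolicyname = 'MegaCorp'
   AND e.grantee IN ('lynette', 'raj');

-- Fails with an error: the named policy does not exist in the database.
REVOKE EXEMPTION ON RULE IDSLBACREADARRAY FOR NoSuchPolicy FROM lynette;

-- Also fails: the grantee must be an individual user, not a role
-- (auditors is an assumed role name for this example).
REVOKE EXEMPTION ON RULE IDSLBACREADARRAY FOR MegaCorp FROM auditors;
```

Running the verification SELECT before and after the revoke is the check that confirms the catalog reflects the intended rule enforcement rather than relying on the statement's success message alone.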