The REVOKE statement is used to remove permissions that were previously granted to users or groups. This command is essential for managing access control and security within a database, as it allows administrators to remove privileges when they are no longer necessary or when security concerns arise.

The REVOKE statement is used to remove or take back specific permissions from users or groups on database objects. Permissions are often revoked when:

• A user’s role changes, and they no longer need access to certain data.
• Security policies require tighter control over data.
• There’s a need to limit or restrict access for data integrity or compliance purposes.

Common permissions that can be revoked include:

• SELECT: The ability to view data.
• INSERT: The ability to add new data rows.
• UPDATE: The ability to modify existing data.
• DELETE: The ability to delete rows.
• REFERENCES: Permission to create foreign keys referencing the table.

Syntax -

REVOKE privilege [, privilege ...]
ON object_type object_name
FROM user_or_group [, user_or_group ...];

• privilege: Specifies the permission(s) being removed, such as SELECT, INSERT, UPDATE, DELETE, or REFERENCES.
• object_type: Defines the type of database object, like TABLE or VIEW, on which the permission is revoked.
• object_name: The specific name of the object (e.g., the table name).
• user_or_group: The user(s) or group(s) from whom the permission(s) is being revoked.

Examples -

REVOKE SELECT, UPDATE
ON TABLE EMPLOYEE
FROM USER_A, USER_B;

In the above example, USER_A and USER_B lose their SELECT and UPDATE permissions on the EMPLOYEE table, meaning they will no longer be able to view or modify data in this table.

Using REVOKE Statements in a COBOL Program

We can't able to use the REVOKE statement in COBOL-DB2 program as it is a DDL statement. Only administrators and other users who has ADIM authority can use the REVOKE statement in DB2 tools (SPUFI or QMF).

---