REVOKE ROLE
Description
Revoke a role on a specified Onehouse resource. See the permissions documentation for more details.
To revoke privileges on data objects, use REVOKE PRIVILEGE.
Syntax
REVOKE ROLE <role> ON <resource_type> <resource_name> FROM <principal_type> <principal_identifier>
Examples
REVOKE ROLE USER ON CLUSTER 'sql-cluster' FROM USER 'woz@apple.com'
Required parameters
- role: Specify one of {ADMIN|MEMBER|VIEWER|EDITOR|USER|MANAGER|READER}.
- resource_type: Specify one of {ACCOUNT|PROJECT|GROUP|SERVICE_PRINCIPAL|CLUSTER}.
- resource_name: Specify the name of the resource to revoke the role on.
- principal_type: Specify one of {USER|GROUP|SERVICE_PRINCIPAL}.
- principal_identifier: Specify one of {<user_email>|<group_id>|<service_principal_id>}.
Supported combinations by resource_type
Only the following combinations of role and principal_type are supported for each resource_type:
| resource_type | role | principal_type | action |
|---|---|---|---|
| ACCOUNT | ADMIN, MEMBER, READER | SERVICE_PRINCIPAL | Revokes the respective role on the account from the given principal. |
| GROUP | MANAGER, MEMBER | SERVICE_PRINCIPAL, USER | Revokes the respective role on the group from the given principal. |
| SERVICE_PRINCIPAL | MANAGER, MEMBER | GROUP, USER | Revokes the respective role on the service principal from the given principal. |
| PROJECT | ADMIN, MEMBER, READER | USER, GROUP, SERVICE_PRINCIPAL | Revokes the respective role on the project from the given principal. |
| CLUSTER | VIEWER, EDITOR, USER, MANAGER | USER, GROUP, SERVICE_PRINCIPAL | Revokes the respective role on the cluster from the given principal. |