Copy to clipboard

revokePrivilegeFromShare

Revokes a privilege on a database object from a Snowflake share. This removes the share's access to the specified object.

Note: Automatic rollback grants the privilege back.

Known limitation: This change type does not support database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).

Available attributes

Attribute	Type	Description	Required
`shareName`	String	Name of the share to revoke the privilege from	Yes
`objectType`	String	Type of object to revoke privilege on*	Yes
`objectName`	String	Name of the object to revoke privilege on	Yes
`catalogName`	String	Name of the catalog (database) containing the object**	No
`schemaName`	String	Name of the schema containing the object***	No
`privilege`	String	Privilege to revoke (see table below)	Yes

* Supported types: DATABASE, SCHEMA, TABLE, EXTERNAL_TABLE, ICEBERG_TABLE, DYNAMIC_TABLE, VIEW, FUNCTION, TAG, SEMANTIC_VIEW

** Cannot be specified for DATABASE type.

*** Cannot be specified for DATABASE or SCHEMA types.

Privileges by object type

Object type	Valid privileges
DATABASE	USAGE, REFERENCE_USAGE
SCHEMA	USAGE
TABLE	SELECT, EVOLVE SCHEMA
EXTERNAL_TABLE	SELECT
ICEBERG_TABLE	SELECT
DYNAMIC_TABLE	SELECT
VIEW	SELECT
FUNCTION	USAGE
TAG	READ
SEMANTIC_VIEW	REFERENCES

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Revoke SELECT on table -->
  <changeSet id="revoke-table-select" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="TABLE"
                objectName="CUSTOMERS"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Revoke SELECT on view -->
  <changeSet id="revoke-view-select" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="VIEW"
                objectName="CUSTOMER_SUMMARY"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Revoke USAGE on schema -->
  <changeSet id="revoke-schema-usage" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="SCHEMA"
                objectName="PUBLIC"
                catalogName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Revoke USAGE on database -->
  <changeSet id="revoke-database-usage" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="DATABASE"
                objectName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
</databaseChangeLog>

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Revoke SELECT on table -->
  <changeSet id="revoke-table-select" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="TABLE"
                objectName="CUSTOMERS"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Revoke SELECT on view -->
  <changeSet id="revoke-view-select" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="VIEW"
                objectName="CUSTOMER_SUMMARY"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Revoke USAGE on schema -->
  <changeSet id="revoke-schema-usage" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="SCHEMA"
                objectName="PUBLIC"
                catalogName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Revoke USAGE on database -->
  <changeSet id="revoke-database-usage" author="examples">
    <pro-snowflake:revokePrivilegeFromShare
                shareName="MY_SHARE"
                objectType="DATABASE"
                objectName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
</databaseChangeLog>

revokePrivilegeFromShare

Available attributes

Privileges by object type

XML

JSON

YAML

SQL

More like this