revokeRole
Revokes a role from a user or from another role in Snowflake. Used to remove role assignments from users or to remove roles from role hierarchies.
Note: This change type does not support automatic rollback or database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).
Available attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the role to revoke | Yes |
| String | Name of the user to revoke the role from* | No |
| String | Name of the role to revoke the role from* | No |
* Exactly one of fromUser or fromRole must be specified
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<!-- Revoke role from user -->
<changeSet id="revoke-role-from-user" author="examples">
<pro-snowflake:revokeRole
roleName="ANALYST_ROLE"
fromUser="JOHN_DOE"/>
</changeSet>
<!-- Revoke role from role (break role hierarchy) -->
<changeSet id="revoke-role-from-role" author="examples">
<pro-snowflake:revokeRole
roleName="DATA_READER"
fromRole="ANALYST_ROLE"/>
</changeSet>
</databaseChangeLog>