revokeRole
Revokes a role from a user or from another role in Snowflake. This operation is used to remove role assignments from users or to remove roles from role hierarchies.
Attributes
You must specify one of the following attributes.
Attribute | Type | Description | Required |
|---|---|---|---|
roleName | String | Name of the role to revoke | Yes |
fromUser | String | Name of the user to revoke the role from. Exactly one of `fromUser` or `fromRole` must be specified (not both, not neither). | Conditional* |
fromRole | String | Name of the role to revoke the role from. Exactly one of `fromUser` or `fromRole` must be specified (not both, not neither). | Conditional* |
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<changeSet author="IntegrationTest" id="1">
<sql>CREATE USER IF NOT EXISTS "user-name"</sql>
<sql>CREATE ROLE "role-with-dash"</sql>
<sql>GRANT ROLE "role-with-dash" TO USER "user-name"</sql>
<pro-snowflake:revokeRole roleName="role-with-dash" fromUser="user-name"/>
<rollback>
<sql>DROP ROLE IF EXISTS "role-with-dash"</sql>
<sql>DROP USER IF EXISTS "user-name"</sql>
</rollback>
</changeSet>
<changeSet author="IntegrationTest" id="2">
<sql>CREATE ROLE "child-role"</sql>
<sql>CREATE ROLE "parent-role"</sql>
<sql>GRANT ROLE "child-role" TO ROLE "parent-role"</sql>
<pro-snowflake:revokeRole roleName="child-role" fromRole="parent-role"/>
<rollback>
<sql>DROP ROLE IF EXISTS "child-role"</sql>
<sql>DROP ROLE IF EXISTS "parent-role"</sql>
</rollback>
</changeSet>
</databaseChangeLog>