Revokes a specific permission that is granted to a user.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
PrivilegeBag Object Yes

The information of the permission.
HiveObjectPrivilege Array Yes

The array of the permission information.
HiveObjectRef Object Yes

The information about the authorization granularity.
DbName String Yes db001

The database name. This parameter is required if you grant permissions on a database or table to the user.

HiveObjectType String Yes GLOBAL

The scope of the permissions that you grant to the user. Valid values: GLOBAL, DATABASE, and TABLE. GLOBAL indicates the permissions on all databases, DATABASE indicates the permissions on a database, and TABLE indicates the permissions on a table.

TableName String Yes tbl001

The table name. This parameter is required if you grant permissions on a table to the user.

PrincipalName String Yes user001

The name of the user to whom you grant the permission.
PrincipalType String Yes USER

The type of the user to whom you grant the permission. Set the value to USER.
PrivilegeGrantInfo Object Yes

The information of the permission.
GrantOption Boolean Yes false

Specifies whether the authorized user can grant the obtained permission to other users.
Grantor String Yes user002

The username of the sub-account used by the user who grants the permission.
PrincipalType String Yes USER

The type of the user who grants the permission. Set the value to USER.
Privilege String Yes CREATE

The permission that you want to revoke from the user.

Response parameters

Parameter Type Example Description
Code String NO_PRIVILEGE

The error code returned.
Data Boolean false

Indicates whether the permission is revoked from the user.
Message String Access denied for user 'user002' to revoke 'CREATE' to user001

The error message returned.
RequestId String 9BEAC206-0795-4DE3-B1FD-964BEF432B23

The ID of the request.
Success Boolean false

Indicates whether the request is successful.

Examples

Sample requests

http(s)://[Endpoint]/?PrivilegeBag={"HiveObjectPrivilege":[{"PARAM_KEY":{"PrivilegeGrantInfo":{"GrantOption":"false","Grantor":"user002","Privilege":"CREATE","PrincipalType":"USER"},"HiveObjectRef":{"TableName":"tbl001","DbName":"db001","HiveObjectType":"GLOBAL"},"PrincipalName":"user001","PrincipalType":"USER"}}]}
&<Common request parameters>

Sample success responses

XML format 

<Message>Access denied for user 'user002' to revoke 'CREATE' to user001</Message>
<RequestId>9BEAC206-0795-4DE3-B1FD-964BEF432B23</RequestId>
<Data>false</Data>
<Code>NO_PRIVILEGE</Code>
<Success>false</Success>

JSON format 

{
    "Message": "Access denied for user 'user002' to revoke 'CREATE' to user001",
    "RequestId": "9BEAC206-0795-4DE3-B1FD-964BEF432B23",
    "Data": "false",
    "Code": "NO_PRIVILEGE",
    "Success": "false"
}

Error codes

For a list of error codes, visit the API Error Center.