Transact-SQL Syntax ConventionsRevokes permissions on a database scoped credential.
Transact-SQL Syntax Conventions
REVOKE [ GRANT OPTION FOR ] permission [ ,...n ]
ON DATABASE SCOPED CREDENTIAL :: credential_name
{ TO | FROM } database_principal [ ,...n ]
[ CASCADE ]
[ AS revoking_principal ] GRANT OPTION FOR
Indicates that the ability to grant the specified permission will be revoked. The permission itself will not be revoked.
[!IMPORTANT]
If the principal has the specified permission without the GRANT option, the permission itself will be revoked.
permission
Specifies a permission that can be revoked on a database scoped credential. Listed below.
ON CERTIFICATE ::credential_name
Specifies the database scoped credential on which the permission is being revoked. The scope qualifier “::” is required.
database_principal
Specifies the principal from which the permission is being revoked. One of the following:
database user
database role
application role
database user mapped to a Windows login
database user mapped to a Windows group
database user mapped to a certificate
database user mapped to an asymmetric key
database user not mapped to a server principal.
CASCADE
Indicates that the permission being revoked is also revoked from other principals to which it has been granted by this principal.
[!CAUTION]
A cascaded revocation of a permission granted WITH GRANT OPTION will revoke both GRANT and DENY of that permission.
AS revoking_principal
Specifies a principal from which the principal executing this query derives its right to revoke the permission. One of the following:
database user
database role
application role
database user mapped to a Windows login
database user mapped to a Windows group
database user mapped to a certificate
database user mapped to an asymmetric key
database user not mapped to a server principal.
A database scoped credential is a database-level securable contained by the database that is its parent in the permissions hierarchy. The most specific and limited permissions that can be revoked on a database scoped credential are listed below, together with the more general permissions that include them by implication.
| Database scoped credential permission | Implied by database scoped credential permission | Implied by database permission |
|---|---|---|
| CONTROL | CONTROL | CONTROL |
| TAKE OWNERSHIP | CONTROL | CONTROL |
| ALTER | CONTROL | CONTROL |
| REFERENCES | CONTROL | REFERENCES |
| VIEW DEFINITION | CONTROL | VIEW DEFINITION |
Requires CONTROL permission on the database scoped credential.
REVOKE (Transact-SQL)
GRANT Database Scoped Credential (Transact-SQL)
DENY Database Scoped Credential (Transact-SQL)
Permissions (Database Engine)
Principals (Database Engine)
Encryption Hierarchy