REVOKE (Package Privileges)

This form of the REVOKE statement removes the privileges on a package.

Invocation

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.

Authorization

The privileges held by the authorization ID of the statement must include at least one of the following:

  • For each package identified in the statement:
    • Every privilege specified in the statement
    • The system authority of *OBJMGT on the package
    • The system authority *EXECUTE on the library containing the package
  • Administrative authority

Syntax

Read syntax diagramSkip visual syntax diagram
                  .-PRIVILEGES-.                 
>>-REVOKE--+-ALL--+------------+-+--ON PACKAGE------------------>
           | .-,-----------.     |               
           | V             |     |               
           '---+-ALTER---+-+-----'               
               '-EXECUTE-'                       

   .-,------------.        .-,----------------------.   
   V              |        V                        |   
>----package-name-+--FROM----+-authorization-name-+-+----------><
                             '-PUBLIC-------------'     

Description

ALL or ALL PRIVILEGES
Revokes one or more package privileges from each authorization-name. The privileges revoked are those privileges on the identified packages that were granted to the authorization-names. Note that revoking ALL PRIVILEGES on a package is not the same as revoking the system authority of *ALL.

If you do not use ALL, you must use one or more of the keywords listed below. Each keyword revokes the privilege described.

ALTER
Revokes the privilege to use the COMMENT and LABEL statements.
EXECUTE
Revokes the privilege to execute statements in a package.
ON PACKAGE package-name
Identifies the package from which the EXECUTE privilege is revoked. The package-name must identify a package that exists at the current server.
FROM
Identifies from whom the privileges are revoked.
authorization-name,…
Lists one or more authorization IDs. Do not specify the same authorization-name more than once.
PUBLIC
Revokes a grant of the privilege to PUBLIC. For more information, see Authorization, privileges and object ownership.

Notes

Multiple grants: If you revoke a privilege on a package, it nullifies any grant of the privilege on that package, regardless of who granted it.

Revoking WITH GRANT OPTION: The only way to revoke the WITH GRANT OPTION is to revoke ALL.

Privilege warning: Revoking a specific privilege from a user does not necessarily prevent that user from performing an action that requires that privilege. For example, the user may still have the privilege through PUBLIC or administrative privileges.

Corresponding system authorities: When a package privilege is revoked, the corresponding system authorities are revoked. For information about the system authorities that correspond to SQL privileges see GRANT (Package Privileges).

Syntax alternatives: The following keywords are synonyms supported for compatibility to prior releases. These keywords are non-standard and should not be used:

  • The keyword RUN can be used as a synonym for EXECUTE.
  • The keyword PROGRAM can be used as a synonym for PACKAGE.

Example

Example 1: Revoke the EXECUTE privilege on package PKGA from PUBLIC. 

   REVOKE EXECUTE
     ON PACKAGE PKGA
     FROM PUBLIC

Example 2: Revoke the EXECUTE privilege on package RRSP_PKG from user FRANK and PUBLIC.

   REVOKE EXECUTE
     ON PACKAGE RRSP_PKG
     FROM FRANK, PUBLIC

Parent topic: Statements