The REVOKE statement permits a connected and authenticated user to revoke
encryption privileges from an existing user.
Invocation
This statement can be used in an application program using the DB2 CLI
functions or issued through the CLP.
Syntax
>>-REVOKE--ENCRYPT ON DATABASE FROM--user----------------------><
Description
- user
  Identifies the user whose encryption privileges are being revoked.
Rules
- The user parameter must be a delimited identifier. It is limited in
length to 254 bytes.
- For multi-byte characters, the UTF-8 encoding is used internally for
storage. Therefore, user names written using international character
sets are limited in length.
- If all users with encryption privileges are removed, encrypted tables can
continue to be accessed during the current session. After the current
session is terminated, the encrypted tables are no longer accessible.
Notes
- A user must be connected and authenticated to revoke privileges from an
existing user. If you are a connected and authenticated user, you can
revoke privileges from any user including yourself.
- The REVOKE statement cannot be used with parameter markers or the
SQLPrepare() function.
- Attempting to REVOKE privileges while connected as an unauthorized user
returns SQLSTATE 42502. Trying to REVOKE privileges from a non-existing
user results in SQLSTATE 42501.
Example
The currently connected, authenticated user removes encryption privileges
from user "jsk":
REVOKE ENCRYPT ON DATABASE FROM "jsk"
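Because REVOKE cannot be used with parameter markers or SQLPrepare(), the user name has to be placed in the statement text itself. The C helper below is an added example, not part of the original reference: it builds that text for direct execution while enforcing the 254-byte limit on the UTF-8 name. The names build_revoke_encrypt and build_status, and the choice to reject a name containing a double quote or control byte rather than escape it, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER_BYTES 254  /* limit stated in the Rules section */

enum build_status { BUILD_OK = 0, BUILD_EMPTY, BUILD_TOO_LONG,
                    BUILD_BAD_CHAR, BUILD_NO_SPACE };

/* Build: REVOKE ENCRYPT ON DATABASE FROM "<user>"
 * user is a NUL-terminated UTF-8 string; its length is counted in bytes. */
enum build_status build_revoke_encrypt(const char *user, char *out, size_t outlen)
{
    static const char prefix[] = "REVOKE ENCRYPT ON DATABASE FROM \"";
    size_t n, i;

    if (user == NULL || user[0] == '\0')
        return BUILD_EMPTY;
    n = strlen(user);
    if (n > MAX_USER_BYTES)
        return BUILD_TOO_LONG;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        /* Assumption: refuse the delimiter and control bytes instead of
         * escaping them, so the name cannot close the quoted identifier. */
        if (c == '"' || c < 0x20 || c == 0x7f)
            return BUILD_BAD_CHAR;
    }
    if (sizeof(prefix) - 1 + n + 2 > outlen)   /* closing quote + NUL */
        return BUILD_NO_SPACE;
    memcpy(out, prefix, sizeof(prefix) - 1);
    memcpy(out + sizeof(prefix) - 1, user, n);
    out[sizeof(prefix) - 1 + n] = '"';
    out[sizeof(prefix) - 1 + n + 1] = '\0';
    return BUILD_OK;
}

int main(void)
{
    char stmt[320];
    /* On BUILD_OK, stmt is the text to hand to SQLExecDirect(). */
    if (build_revoke_encrypt("jsk", stmt, sizeof stmt) == BUILD_OK)
        puts(stmt);
    return 0;
}
```

After executing the statement, check the returned SQLSTATE for 42502 (connected user not authorized) and 42501 (user does not exist), as described in the Notes.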