The REVOKE statement removes one or more RBAC roles from specific users.
| Role type | Description |
|---|---|
| simple | Roles which apply generically to all buckets/resources in the cluster. For example: ClusterAdmin or BucketAdmin |
| parameterized by a bucket | Roles which are defined for the scope of the specified bucket only. The bucket name is specified after ON. For example: BucketReader ON `travel-sample` or Query_Select ON `travel-sample` |
REVOKE role1 [, role2, ...] ON bucket1 [, bucket2, ...] FROM user1 [, user2, ...]
- RBAC-role is one of the RBAC role names predefined by Couchbase Server.
- RBAC-user is the user name created by the Couchbase Server RBAC system.
The following roles have short forms that can be used as well:
- query_select → select
- query_insert → insert
- query_update → update
- query_delete → delete
- The name of your Couchbase or Memcached bucket or buckets.
- RBAC-user in your bucket.
Example 1: Revoke the role of ClusterAdmin from three people.
REVOKE ClusterAdmin FROM david, michael, robin
REVOKE ClusterAdmin, QueryUpdate ON `travel-sample` FROM debby
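
For offboarding scripts that generate REVOKE statements from external input, the following added example (not Couchbase's own code) builds them from the syntax and role types described above, emitting simple roles and bucket-scoped roles as separate statements. The function name `build_revokes`, the role tables (limited to the roles named on this page) and the user and bucket allowlists are assumptions of this example.

```python
import re

# Role spellings come from this page; the grouping follows its two role types.
SIMPLE = {"clusteradmin": "ClusterAdmin", "bucketadmin": "BucketAdmin"}
PER_BUCKET = {"bucketreader": "BucketReader", "queryselect": "query_select",
              "queryinsert": "query_insert", "queryupdate": "query_update",
              "querydelete": "query_delete"}
SHORT = {"select": "queryselect", "insert": "queryinsert",
         "update": "queryupdate", "delete": "querydelete"}

# Assumed allowlists (this example's policy, not a Couchbase rule).
USER_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,63}")
BUCKET_RE = re.compile(r"[A-Za-z0-9_.%-]{1,100}")


def _checked(values, pattern, kind):
    """Return values unchanged, or raise if any fails the allowlist."""
    for v in values:
        if not pattern.fullmatch(v):
            raise ValueError(f"rejected {kind}: {v!r}")
    return list(values)


def build_revokes(roles, users, buckets=()):
    """Return REVOKE statements: one for simple roles, one for per-bucket roles."""
    users = _checked(users, USER_RE, "user")
    buckets = _checked(buckets, BUCKET_RE, "bucket")
    if not users:
        raise ValueError("at least one user is required")
    simple, scoped = [], []
    for role in roles:
        key = role.lower().replace("_", "")
        key = SHORT.get(key, key)  # expand short forms such as "select"
        if key in SIMPLE:
            simple.append(SIMPLE[key])
        elif key in PER_BUCKET:
            scoped.append(PER_BUCKET[key])
        else:
            raise ValueError(f"unknown role: {role!r}")
    if scoped and not buckets:
        raise ValueError("per-bucket roles need at least one bucket after ON")
    who = ", ".join(users)
    out = []
    if simple:
        out.append(f"REVOKE {', '.join(simple)} FROM {who}")
    if scoped:
        on = ", ".join(f"`{b}`" for b in buckets)
        out.append(f"REVOKE {', '.join(scoped)} ON {on} FROM {who}")
    return out
```

Because user and bucket names are checked against an allowlist before being placed in the statement text, a value containing a backtick, comma or space is rejected instead of altering the generated statement.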