Revokes one or more privileges on an external location from a principal.
REVOKE <privilege> [, <privilege> ...] ON EXTERNAL LOCATION <name> FROM <principal>## Overview REVOKE ON EXTERNAL LOCATION removes one or more privileges from a principal. The revoke is idempotent for each privilege. ## Behavior - Multiple privileges in one statement are revoked atomically; if the principal lacks one of them, the others are still revoked. - WITH GRANT OPTION attached to the original grant is removed when the underlying privilege is revoked. - Privileges re-granted by the principal under WITH GRANT OPTION are NOT auto-revoked. Downstream grants persist until explicitly revoked. ## Access Control Requires the `ManageGrants` privilege on the location. ## Compatibility DeltaForge extension.
| Name | Type | Description |
|---|---|---|
privileges | Specifies one or more privileges as a comma-separated list. | |
location_name | Specifies the external location. | |
principal | Specifies the principal to revoke from. |
REVOKE READ ON EXTERNAL LOCATION raw_data FROM ROLE analyst;REVOKE READ, CREATE_EXTERNAL_LOCATION ON EXTERNAL LOCATION raw_data FROM ROLE pipeline_lead;