class="parameter">role_name</replaceable> [, ...] FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
[ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]
[ CASCADE | RESTRICT ]
<phrase>where <replaceable class="parameter">role_specification</replaceable> can be:</phrase>
[ GROUP ] <replaceable class="parameter">role_name</replaceable>
| PUBLIC
| CURRENT_ROLE
| CURRENT_USER
| SESSION_USER
</synopsis>
</refsynopsisdiv>
<refsect1 id="sql-revoke-description">
<title>Description</title>
<para>
The <command>REVOKE</command> command revokes previously granted
privileges from one or more roles. The key word
<literal>PUBLIC</literal> refers to the implicitly defined group of
all roles.
</para>
<para>
See the description of the <link linkend="sql-grant"><command>GRANT</command></link> command for
the meaning of the privilege types.
</para>
<para>
Note that any particular role will have the sum
of privileges granted directly to it, privileges granted to any role it
is presently a member of, and privileges granted to
<literal>PUBLIC</literal>. Thus, for example, revoking <literal>SELECT</literal> privilege
from <literal>PUBLIC</literal> does not necessarily mean that all roles
have lost <literal>SELECT</literal> privilege on the object: those who have it granted
directly or via another role will still have it. Similarly, revoking
<literal>SELECT</literal> from a user might not prevent that user from using
<literal>SELECT</literal> if <literal>PUBLIC</literal> or another membership
role still has <literal>SELECT</literal> rights.
</para>
<para>
If <literal>GRANT OPTION FOR</literal> is specified, only the grant
option for the privilege is revoked, not the privilege itself.
Otherwise, both the privilege and the grant option are revoked.
</para>
<para>
If a user holds a privilege with grant option and has granted it to
other users then the privileges held by those other users are
called dependent privileges. If the privilege or the grant option
held by the first user is being revoked and dependent privileges
exist, those dependent privileges are also revoked if
<literal>CASCADE</literal> is specified; if it is not, the revoke action
will fail. This recursive revocation only affects privileges that
were granted through a chain of users that is traceable to the user
that is the subject of this <literal>REVOKE</literal> command.
Thus, the affected users might effectively keep the privilege if it
was also granted through other users.
</para>
<para>
When revoking privileges on a table, the corresponding column privileges
(if any) are automatically revoked on each column of the table, as well.
On the other hand, if a role has been granted privileges on a table, then
revoking the same privileges from individual columns will have no effect.
</para>
<para>
When revoking membership in a role, <literal>GRANT OPTION</literal> is instead
called <literal>ADMIN OPTION</literal>, but the behavior is similar.
Note that, in releases prior to <productname>PostgreSQL</productname> 16,
dependent privileges were not tracked for grants of role membership,
and thus <literal>CASCADE</literal> had no effect for role membership.
This is no longer the case.
Note also that this form of the command does not
allow the noise word <literal>GROUP</literal>
in <replaceable class="parameter">role_specification</replaceable>.
</para>
<para>
Just as <literal>ADMIN OPTION</literal> can be removed from an existing
role grant, it is also possible to revoke <literal>INHERIT OPTION</literal>
or <literal>SET OPTION</literal>. This is equivalent to setting the value
of the corresponding option to <literal>FALSE</literal>.
</para>
</refsect1>
<refsect1 id="sql-revoke-notes">
<title>Notes</title>
<para>
A user can only