How to Revoke Permissions in MariaDB

Galaxy Glossary

How do I revoke user privileges in MariaDB?

REVOKE removes previously granted privileges or roles from a MariaDB account.

Welcome to the Galaxy, Guardian!

Oops! Something went wrong while submitting the form.

Description

Example H2

Example H3

What does REVOKE do in MariaDB?

REVOKE strips a user or role of specific privileges or entire roles, immediately limiting what that account can do on the server, database, table, or column level.

When should I revoke privileges?

Revoke privileges when an employee leaves, a service account is over-provisioned, or you need to follow the principle of least privilege during audits.

How do I revoke all permissions from a user?

Use REVOKE ALL PRIVILEGES ON *.* FROM 'user'@'host'; This removes every privilege but keeps the account intact, allowing you to grant only what is needed later.

How do I revoke a single privilege on one table?

Target the privilege and the object: REVOKE SELECT ON ecommerce.Orders FROM 'analyst'@'%'; The user loses read access to Orders but keeps other rights.

Can I revoke a role?

Yes. REVOKE 'reporting_role' FROM 'analyst'@'%'; The role and its bundled privileges are detached from the user.

Best practices for revoking privileges

Always test in staging, document every REVOKE, and verify with SHOW GRANTS. Combine with FLUSH PRIVILEGES only if you edited mysql.* tables directly.

Why How to Revoke Permissions in MariaDB is important

How to Revoke Permissions in MariaDB Example Usage


-- Remove the ability for the analyst to view customer e-mails
REVOKE SELECT (email) ON ecommerce.Customers FROM 'analyst'@'%';

-- Strip a service account of UPDATE on stock levels
REVOKE UPDATE (stock) ON ecommerce.Products FROM 'restock_svc'@'192.168.%';

How to Revoke Permissions in MariaDB Syntax


REVOKE [privilege [, ...] | ALL [PRIVILEGES]]
       ON [<scope> | *.* | db_name.* | db_name.tbl_name]
       FROM user_or_role [, ...]
       [WITH GRANT OPTION]

-- Common privilege list
-- SELECT | INSERT | UPDATE | DELETE | EXECUTE | USAGE | ...

-- Ecommerce example: remove insert rights on Orders
REVOKE INSERT ON ecommerce.Orders FROM 'order_bot'@'10.%';

-- Revoke all rights everywhere
REVOKE ALL PRIVILEGES, GRANT OPTION ON *.* FROM 'temp_dev'@'%';

Common Mistakes

Using DROP USER instead of REVOKE: DROP USER deletes the account entirely, breaking apps. Fix by issuing REVOKE to slim privileges while keeping login credentials.
Forgetting GRANT OPTION: If you granted WITH GRANT OPTION, users can re-grant rights. Always REVOKE GRANT OPTION ON *.* FROM 'user'@'host' to lock privileges fully.