How to REVOKE Permissions in Redshift

How do I revoke permissions from users or roles in Amazon Redshift?

REVOKE removes previously granted privileges from Redshift objects, instantly blocking access for specified users, groups, or roles.

Welcome to the Galaxy, Guardian!

Oops! Something went wrong while submitting the form.

Description

What does REVOKE do in Redshift?

REVOKE removes or restricts privileges that were previously granted to users, groups, or roles on objects such as databases, schemas, tables, views, functions, and stored procedures. It is the inverse of GRANT and takes effect immediately.

How do I remove SELECT privileges from a table?

Run REVOKE with the privilege, object type, object name, and grantee list. Redshift stops the grantee from reading the table right away.

REVOKE SELECT ON TABLE public.orders FROM ROLE analyst_role;

How do I revoke multiple privileges at once?

Separate privileges with commas in the same statement for a clean, atomic change.

REVOKE INSERT, UPDATE ON TABLE public.products FROM GROUP data_loaders;

How do I revoke default privileges granted by a schema owner?

Combine ALTER DEFAULT PRIVILEGES with REVOKE to change permissions for future objects created by a user or role.

ALTER DEFAULT PRIVILEGES FOR USER app_owner IN SCHEMA public
REVOKE SELECT ON TABLES FROM PUBLIC;

How can I revoke ALL privileges from a database?

Use the ALL shorthand to remove every possible privilege in one command. Be cautious—users lose every permission on the object.

REVOKE ALL ON DATABASE ecommerce_db FROM USER alice;

Best practices for REVOKE

Audit privileges regularly, use groups or roles instead of single users, script changes in version control, and test in staging before production.

Common mistakes and how to fix them

Missing CASCADE: Redshift defaults to RESTRICT, so dependent privileges block the statement. Add CASCADE to forcefully drop them.
Revoking from wrong level: Removing table privileges doesn’t affect default privileges. Check both current and default grants.

Why How to REVOKE Permissions in Redshift is important

How to REVOKE Permissions in Redshift Example Usage


-- Revoke UPDATE on Orders and SELECT on Customers from a BI group
REVOKE UPDATE ON TABLE public.orders,
       SELECT ON TABLE public.customers
FROM GROUP bi_readers;

How to REVOKE Permissions in Redshift Syntax


REVOKE [ privilege [ , ... ] | ALL ]
       ON { TABLE table_name | DATABASE db_name | SCHEMA schema_name | FUNCTION func_name(args) }
       FROM { USER user_name | GROUP group_name | ROLE role_name | PUBLIC } [ , ... ]
       [ CASCADE | RESTRICT ];

-- Ecommerce examples
-- 1. Remove read access from a support role
REVOKE SELECT ON TABLE public.customers FROM ROLE support_role;

-- 2. Strip all rights from a departing contractor
REVOKE ALL ON SCHEMA public FROM USER contractor_01 CASCADE;

Common Mistakes

Omitting CASCADE when dependent privileges exist. REVOKE fails with an error. Fix: add CASCADE or remove dependent objects first.
Revoking from a group but forgetting users hold individual grants. Fix: run REVOKE on both the group and specific users or switch to roles.