Revoking SELECT or EXECUTE privileges on SYS objects - Amazon Relational Database Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Revoking SELECT or EXECUTE privileges on SYS objects

To revoke privileges on a single object, use the Amazon RDS procedure rdsadmin.rdsadmin_util.revoke_sys_object. The procedure only revokes privileges that the master account has already been granted through a role or direct grant.

The revoke_sys_object procedure has the following parameters.

Parameter name Data type Default Required Description

p_obj_name

varchar2

Yes

The name of the object to revoke privileges for. The object can be a directory, function, package, procedure, sequence, table, or view. Object names must be spelled exactly as they appear in DBA_OBJECTS. Most system objects are defined in upper case, so we recommend you try that first.

p_revokee

varchar2

Yes

The name of the object to revoke privileges for. The object can be a schema or a role.

p_privilege

varchar2

null

Yes

The following example revokes select privileges on an object named V_$SESSION from a user named USER1.

begin rdsadmin.rdsadmin_util.revoke_sys_object( p_obj_name => 'V_$SESSION', p_revokee => 'USER1', p_privilege => 'SELECT'); end; /