I have a problem with Revoke command. I created the role and grant to role "SELECTE on table" privilege. Then I grant role to user. Then I revoke role from user. But the user still have "SELECT on table" privilege which he received via role. What I do wrong?
HR user:
create table testtable (id number);--Table TESTTABLE created
create role trole;--Role TROLE created
grant select on testtable to trole;--Grant succeeded
grant trole to test_user;--Grant succeeded
test_user:
set role trole;--Role TROLE succeeded.
select * from hr.testtable;--working
HR user:
revoke trole from test_user;--Revoke succeeded.
Test_user:
select * from hr.testtable;--working again despite that the fact the role is revoked.
note: there are no any other grant to test_user
Revoke will remove the role and any privileges that are part of that role from the user. In your case it sounds like test_user has some additional privilege like SELECT ANY TABLE granted directly or inherited through the PUBLIC role. Check this post to find all granted privileges: How to show all privileges from a user in oracle?