04.01.2014 11:51, Alan McDonald wrote: > Users with RDB$ADMIN granted to them have the ability to creates users. > > They can, of course, also grant other roles to users. > > But they cannot revoke roles already granted to a user by another > RDB$ADMIN or SYSDBA since the RDB$GRANTOR is always a user not a role.
Did you try the GRANTED BY clause in REVOKE? Dmitry