Adds **Revoking grants from a user** paragraph

AArdeev · AArdeev · commit d45ccb36bef3 · 2025-06-06T14:31:36.000+03:00
Fixes #5152
diff --git a/doc/code_snippets/snippets/config/instances.enabled/credentials/revoke.yaml b/doc/code_snippets/snippets/config/instances.enabled/credentials/revoke.yaml
@@ -0,0 +1,23 @@
+# grant privileges
+    sampleuser:
+      password: '123456'
+      roles: [ writers_space_reader ]
+      privileges:
+      - permissions: [ read, write ]
+        spaces: [ books ]
+
+# take away a privilege:
+    sampleuser:
+      password: '123456'
+      roles: [ writers_space_reader ]
+      privileges:
+      - permissions: [ read ]
+        spaces: [ books ]
+
+# take away all previously granted privileges:
+    sampleuser:
+      password: '123456'
+      roles: [ writers_space_reader ]
+      privileges: []
+#      - permissions: [ read ]
+#        spaces: [ books ]
diff --git a/doc/platform/connections_and_auth/credentials.rst b/doc/platform/connections_and_auth/credentials.rst
@@ -80,7 +80,18 @@ In this example, ``sampleuser`` gets privileges to select and modify data in the
 
 You can find the full example here: `credentials <https://github.com/tarantool/doc/tree/latest/doc/code_snippets/snippets/config/instances.enabled/credentials>`_.
 
+.. _configuration_credentials_managing_users_roles_revoking_privileges:
 
+Revoking privileges from a user
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To take a previously granted privilege away, specify the ``permission`` field without the 
+previously allowed privilege, or with an empty ``privileges`` array. Further options may retain commented-out, if necessary:
+
+..  literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/revoke.yaml
+    :language: yaml
+    :start-at: sampleuser:
+    :dedent:
 
 .. _configuration_credentials_loading_secrets:
 
