Permissions
The REVOKE statement can be executed by a user who is either the owner of the target object or has been granted permission (using WITH GRANT OPTION) to use the statement on the specific target object by another user. To revoke database privileges, you must be working in a session that is connected to the iidbdb. If the indicated roles have security audit attributes, the session must also have MAINTAIN_AUDIT privilege.