diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index 652459a9668c..d04a6788830b 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -99,11 +99,21 @@ def revoke(user, table_name = nil, family = nil, qualifier = nil)
             # Namespace should exist first.
             namespace_name = table_name[1...table_name.length]
             raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
-
-            tablebytes = table_name.to_java_bytes
-            org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @connection, namespace_name, user
-            )
+            if (!family.nil? and isPermissionType?(family))
+              permission = family[1...family.length-1]
+              perm = org.apache.hadoop.hbase.security.access.Permission.new(
+                permission.to_java_bytes
+               )
+              puts "revoke #{permission} permission"
+              org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
+                @connection, namespace_name, user, perm.getActions
+              )
+            else
+              tablebytes = table_name.to_java_bytes
+              org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
+                @connection, namespace_name, user
+              )
+            end
           else
             # Table should exist
             raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -181,6 +191,10 @@ def isNamespace?(table_name)
       table_name.start_with?('@')
     end
 
+    def isPermissionType?(permission_type)
+      permission_type.start_with?('{')
+    end
+
     def isTablePermission?(permission)
       permission.java_kind_of?(org.apache.hadoop.hbase.security.access.TablePermission)
     end
diff --git a/hbase-shell/src/main/ruby/shell/commands/revoke.rb b/hbase-shell/src/main/ruby/shell/commands/revoke.rb
index 4742bd79f63a..de02388fc990 100644
--- a/hbase-shell/src/main/ruby/shell/commands/revoke.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/revoke.rb
@@ -33,7 +33,7 @@ def help
 
     hbase> revoke 'bobsmith'
     hbase> revoke '@admins'
-    hbase> revoke 'bobsmith', '@ns1'
+    hbase> revoke 'bobsmith', '@ns1', '{permissions}'
     hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
     hbase> revoke 'bobsmith', 'ns1:t1', 'f1', 'col1'
 EOF