REVOKE CONNECT THROUGH Statement | SQL Data Control Language | Teradata Vantage - 17.05 - REVOKE CONNECT THROUGH - Teradata Database

Teradata Vantageā„¢ - SQL Data Control Language

prodname
Advanced SQL Engine
Teradata Database
vrm_release
17.00
17.05
created_date
June 2020
category
Programming Reference
featnum
B035-1149-170K

Revokes an existing proxy CONNECT THROUGH privilege from a permanent user or application user.

Required Privileges

You must have the CTCONTROL privilege (see CTCONTROL Privilege) to perform a REVOKE CONNECT THROUGH request.

If the request specifies a WITH ROLE clause, you must also have the WITH ADMIN OPTION privilege on each of the roles specified in the clause.

Syntax

REVOKE CONNECT THROUGH trusted_user_name {

  { { TO | FROM }

      { application_user_name [,...]
        [ WITH ROLE role_name [,...] ]
        [ WITH PROFILE profile_name ] |

        PERMANENT permanent_user_name [,...]
        [ WITH ROLE role_name [,...] ]
      }
  } |

  WITH TRUST ONLY
} [;]

Syntax Elements

trusted_user_name
The name of the trusted user whose CONNECT THROUGH privilege is being revoked.
WITH TRUST_ONLY
Removes the TrustOnly flag from the trusted_user_name.
This option is valid only when submitted for a trusted user.
The TrustOnly option requires that a trusted user must submit SET QUERY_BAND requests that set or update a proxy user from a trusted request.
application_user_name
The name of an application user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for the specified application user.
You can specify a maximum of 25 names in a single revoke request.
permanent_user_name
The name of a permanent user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for each permanent user from the trusted user.
You can specify a maximum of 25 names in a single revoke request.
role_name
A list of role names to be removed from the CONNECT THROUGH privilege granted to trusted_user_name.
If you remove all roles that have been granted the CONNECT THROUGH privilege for the specified permanent or application user, then the system revokes the entire privilege for the specified permanent or application user.
Similarly, if you do not specify a WITH ROLE clause, then the system revokes the entire privilege for the specified permanent or application user.
profile_name
Removes the profile from the application_user_name proxy user for trusted_user_name but leaves the rule granted. Removing the profile or revoking the entire rule removes the associated rows for the proxy user from the DBC.databasespace table.

Example of Revoking the CONNECT THROUGH Privilege

The following REVOKE CONNECT request revokes the CONNECT THROUGH privilege that had been granted to permanent user sbd with the role admin through trusted user pls:

REVOKE CONNECT THROUGH pls FROM PERMANENT sbd WITH ROLE admin;