REVOKE CONNECT THROUGH Syntax - Advanced SQL Engine - Teradata Database

SQL Data Control Language
Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2021-07-27
dita:mapPath
sqd1591723147563.ditamap
dita:ditavalPath
sqd1591723147563.ditaval
dita:id
B035-1149
lifecycle
previous
Product Category
Teradata® Vantage™ NewSQLEngine
REVOKE CONNECT THROUGH trusted_user_name {

  { { TO | FROM }

      { application_user_name [,...]
        [ WITH ROLE role_name [,...] ]
        [ WITH PROFILE profile_name ] |

        PERMANENT permanent_user_name [,...]
        [ WITH ROLE role_name [,...] ]
      }
  } |

  WITH TRUST ONLY
} [;]

Syntax Elements

trusted_user_name
The name of the trusted user whose CONNECT THROUGH privilege is being revoked.
WITH TRUST_ONLY
Removes the TrustOnly flag from the trusted_user_name.
This option is valid only when submitted for a trusted user.
The TrustOnly option requires that a trusted user must submit SET QUERY_BAND requests that set or update a proxy user from a trusted request.
application_user_name
The name of an application user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for the specified application user.
You can specify a maximum of 25 names in a single revoke request.
permanent_user_name
The name of a permanent user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for each permanent user from the trusted user.
You can specify a maximum of 25 names in a single revoke request.
role_name
A list of role names to be removed from the CONNECT THROUGH privilege granted to trusted_user_name.
If you remove all roles that have been granted the CONNECT THROUGH privilege for the specified permanent or application user, then the system revokes the entire privilege for the specified permanent or application user.
Similarly, if you do not specify a WITH ROLE clause, then the system revokes the entire privilege for the specified permanent or application user.
profile_name
Removes the profile from the application_user_name proxy user for trusted_user_name but leaves the rule granted. Removing the profile or revoking the entire rule removes the associated rows for the proxy user from the DBC.databasespace table.