CTCONTROL enables a user to grant or revoke the CONNECT THROUGH privilege using the GRANT CONNECT THROUGH or REVOKE CONNECT THROUGH statements. You can only grant CTCONTROL to specific users.
Rules for Granting the CTCONTROL Privilege
The following rules apply to granting the CTCONTROL privilege:
- The user specified by user_name must be an existing user of the system. Note that user_name cannot specify a role. If you attempt to grant CTCONTROL to a role, the request aborts and returns a message to the user.
- User DBC can grant the CTCONTROL privilege to any other user WITH GRANT OPTION.
- To submit a GRANT request for the CTCONTROL privilege to a user, you must either be user DBC or a user who has previously been granted the CTCONTROL privilege WITH GRANT OPTION.
WITH GRANT OPTION permits the grantee to grant the privilege to other users.
For more information about GRANT CONNECT THROUGH, see GRANT CONNECT THROUGH.
Example: Granting the CTCONTROL Privilege
The following example grants user kate the privilege to grant the CONNECT THROUGH privilege to user trusteduser2:
GRANT CTCONTROL ON trusteduser2 TO kate;
To then execute a GRANT CONNECT THROUGH request, trusteduser2 requires the following privileges:
- CTCONTROL on herself.
- GRANT ... WITH ADMIN OPTION on any role specified
See GRANT (Role Form).
- DROP USER on any PERMANENT users specified as proxy users.