REVOKE CONNECT THROUGH Usage Notes - Teradata VantageCloud Lake

Lake - Working with SQL

Deployment: VantageCloud
Edition: Lake
Product: Teradata VantageCloud Lake
Release Number:
Published: February 2025
Last edition: 2025-11-21

Role Persistence Using Active Proxy Connections

Changes to a CONNECT THROUGH privilege definition are effective immediately, so the next request submitted in a proxy connection following a change to a CONNECT THROUGH privilege uses the new definition.

Dropped roles are also removed from the CONNECT THROUGH privilege definition. Therefore, a rule can be left with no defined roles. When you drop all roles assigned to a CONNECT THROUGH privilege definition, Vantage grants the affected proxy users PUBLIC privileges only.

CONNECT THROUGH and Parameter Markers

Parameter markers are not supported for REVOKE CONNECT requests.

Dictionary Storage of CONNECT THROUGH Metadata

The dictionary table DBC.ConnectRulesTbl contains information on which proxy users can connect through which trusted users and what roles are available to make proxy connections. The table contains one row for every trusted_user_name:proxy_user_name combination.

When processing a GRANT CONNECT THROUGH request, the system writes a row to DBC.ConnectRulesTbl for each of the following pairs that you specify:
  • Trusted user name:permanent user name
  • Trusted user name:application user name

The row persists until you drop either the trusted user or the permanent user.

When you grant WITH TRUST_ONLY to a trusted user, Vantage adds a row to DBC.ConnectRulesTbl that contains the following information:
  • TrustUserId
  • ProxyUser=space_characters
  • TrustOnly=Y

Vantage also updates all rows in DBC.ConnectRulesTbl where TrustUserId=specified_TrustUserID to set TrustOnly=Y.

When you revoke WITH TRUST_ONLY from a trusted user, Vantage updates all rows in DBC.ConnectRulesTbl where TrustUserId=specified_TrustUserID to set TrustOnly=N.

To provide an audit trail for the management of the rules, Vantage retains the row when the privilege is revoked but the user is not dropped.

The value of DBC.ConnectRulesTbl.GrantStatus indicates whether the TRUST_ONLY privilege is granted to a trusted user:
  • If DBC.ConnectRulesTbl.GrantStatus is set to G, then the TRUST_ONLY privilege is granted to trusted_user.
  • If DBC.ConnectRulesTbl.GrantStatus is set to R, then the TRUST_ONLY privilege is revoked from trusted_user.
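
The following query is an added audit example, not part of the Teradata documentation. It summarizes the TRUST_ONLY state of each trusted user from DBC.ConnectRulesTbl and flags rows whose TrustOnly flag disagrees with the grant status described above. It uses only the column names given on this page, and assumes that the session is allowed to SELECT from the dictionary table directly and that the result column aliases (RuleRows, Finding, and so on) are free to choose.

```sql
-- Added audit example (not Teradata's own code). Column names are the ones
-- this page gives for DBC.ConnectRulesTbl; direct SELECT access is assumed.
SELECT
    s.TrustUserId,
    s.RuleRows,               -- trusted user:proxy user rows
    s.TrustOnlyGrantStatus,   -- G, R, or NULL when no TRUST_ONLY row exists
    s.RowsTrustOnlyY,
    s.TotalRows,
    CASE
        -- A grant sets TrustOnly=Y on every row for the trusted user.
        WHEN s.TrustOnlyGrantStatus = 'G' AND s.RowsTrustOnlyY < s.TotalRows
            THEN 'REVIEW: granted, but some rows are not TrustOnly=Y'
        -- A revoke sets TrustOnly=N on every row for the trusted user.
        WHEN COALESCE(s.TrustOnlyGrantStatus, 'R') = 'R' AND s.RowsTrustOnlyY > 0
            THEN 'REVIEW: not granted, but some rows are TrustOnly=Y'
        WHEN s.TrustOnlyGrantStatus = 'G'
            THEN 'TRUST_ONLY granted'
        WHEN s.TrustOnlyGrantStatus = 'R'
            THEN 'TRUST_ONLY revoked (row retained for audit)'
        ELSE 'TRUST_ONLY never granted'
    END AS Finding
FROM (
    SELECT
        TrustUserId,
        COUNT(*) AS TotalRows,
        -- Rows that name a proxy user.
        SUM(CASE WHEN TRIM(ProxyUser) <> '' THEN 1 ELSE 0 END) AS RuleRows,
        -- The TRUST_ONLY row is the one whose ProxyUser is all spaces.
        MAX(CASE WHEN TRIM(ProxyUser) = '' THEN GrantStatus END)
            AS TrustOnlyGrantStatus,
        SUM(CASE WHEN TrustOnly = 'Y' THEN 1 ELSE 0 END) AS RowsTrustOnlyY
    FROM DBC.ConnectRulesTbl
    GROUP BY TrustUserId
) AS s
ORDER BY s.TrustUserId;
```

Rows reported with a REVIEW finding do not match the grant and revoke behavior this page describes and are worth checking against the GRANT and REVOKE history for that trusted user.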