Revokes an existing proxy CONNECT THROUGH privilege from a permanent user or application user.
Required Privileges
You must have the CTCONTROL privilege (see CTCONTROL Privilege) to perform a REVOKE CONNECT THROUGH request.
If the request specifies a WITH ROLE clause, you must also have the WITH ADMIN OPTION privilege on each of the roles specified in the clause.
Syntax
REVOKE CONNECT THROUGH trusted_user_name { { { TO | FROM } { application_user_name [,...] [ WITH ROLE role_name [,...] ] [ WITH PROFILE profile_name ] | PERMANENT permanent_user_name [,...] [ WITH ROLE role_name [,...] ] } } | WITH TRUST ONLY } [;]
Syntax Elements
- trusted_user_name
- The name of the trusted user whose CONNECT THROUGH privilege is being revoked.
- WITH TRUST_ONLY
- Removes the TrustOnly flag from the trusted_user_name.
- application_user_name
- The name of an application user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
- permanent_user_name
- The name of a permanent user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
- role_name
- A list of role names to be removed from the CONNECT THROUGH privilege granted to trusted_user_name.
- profile_name
- Removes the profile from the application_user_name proxy user for trusted_user_name but leaves the rule granted. Removing the profile or revoking the entire rule removes the associated rows for the proxy user from the DBC.databasespace table.
Example of Revoking the CONNECT THROUGH Privilege
The following REVOKE CONNECT request revokes the CONNECT THROUGH privilege that had been granted to permanent user sbd with the role admin through trusted user pls:
REVOKE CONNECT THROUGH pls FROM PERMANENT sbd WITH ROLE admin;