REVOKE CONNECT THROUGH Statement | SQL Data Control Language | Teradata Vantage

SQL Data Control Language

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: June 2020
Language: English (United States)
Last Update: 2021-01-24
dita:id: B035-1149
lifecycle: previous
Product Category: Teradata® Vantage™ NewSQLEngine

Revokes an existing proxy CONNECT THROUGH privilege from a permanent user or application user.

Required Privileges

You must have the CTCONTROL privilege (see CTCONTROL Privilege) to perform a REVOKE CONNECT THROUGH request.

If the request specifies a WITH ROLE clause, you must also have the WITH ADMIN OPTION privilege on each of the roles specified in the clause.

Syntax

REVOKE CONNECT THROUGH trusted_user_name {
  { { TO | FROM }
      { application_user_name [,...]
        [ WITH ROLE role_name [,...] ]
        [ WITH PROFILE profile_name ] |
        PERMANENT permanent_user_name [,...]
        [ WITH ROLE role_name [,...] ]
      }
  } |
  WITH TRUST_ONLY
} [;]

Syntax Elements

trusted_user_name
The name of the trusted user whose CONNECT THROUGH privilege is being revoked.
WITH TRUST_ONLY
Removes the TrustOnly flag from the trusted_user_name.
This option is valid only when submitted for a trusted user.
The TrustOnly option requires a trusted user to submit SET QUERY_BAND requests that set or update a proxy user from a trusted request.
application_user_name
The name of an application user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for the specified application user.
You can specify a maximum of 25 names in a single revoke request.
permanent_user_name
The name of a permanent user from whom the proxy logon privileges granted through trusted_user_name are being revoked.
If you do not specify a WITH ROLE clause, the request revokes the connect privilege for each permanent user from the trusted user.
You can specify a maximum of 25 names in a single revoke request.
role_name
A list of role names to be removed from the CONNECT THROUGH privilege granted to trusted_user_name.
If you remove all roles that have been granted the CONNECT THROUGH privilege for the specified permanent or application user, then the system revokes the entire privilege for the specified permanent or application user.
Similarly, if you do not specify a WITH ROLE clause, then the system revokes the entire privilege for the specified permanent or application user.
profile_name
Removes the profile from the application_user_name proxy user for trusted_user_name but leaves the rule granted. Removing the profile or revoking the entire rule removes the associated rows for the proxy user from the DBC.databasespace table.

Example of Revoking the CONNECT THROUGH Privilege

The following REVOKE CONNECT THROUGH request revokes the CONNECT THROUGH privilege that had been granted to permanent user sbd with the role admin through trusted user pls:

REVOKE CONNECT THROUGH pls FROM PERMANENT sbd WITH ROLE admin;
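
The sequence below is an added example, not part of the Teradata documentation. It walks through narrowing and then fully removing proxy rights for a middle-tier connection, following the role, profile, and TrustOnly rules described under Syntax Elements. All user, role, and profile names (mt_pool, etl_ops, web_report, rpt_read, rpt_admin, rpt_prof) are hypothetical, and the GRANT statements only set up the starting state.

```sql
-- Hypothetical names throughout:
--   mt_pool    trusted user (middle-tier connection pool)
--   etl_ops    permanent user allowed to proxy through mt_pool
--   web_report application user allowed to proxy through mt_pool
--   rpt_read, rpt_admin  roles; rpt_prof  profile

-- Starting state (shown only so the REVOKE requests have something to remove).
GRANT CONNECT THROUGH mt_pool TO PERMANENT etl_ops WITH ROLE rpt_read, rpt_admin;
GRANT CONNECT THROUGH mt_pool TO web_report WITH ROLE rpt_read WITH PROFILE rpt_prof;

-- 1. Least privilege: drop only the administrative role from the rule.
--    etl_ops can still proxy through mt_pool with rpt_read.
REVOKE CONNECT THROUGH mt_pool FROM PERMANENT etl_ops WITH ROLE rpt_admin;

-- 2. Remove the last remaining role. Because no roles are left on the rule,
--    the system revokes the entire CONNECT THROUGH privilege for etl_ops.
REVOKE CONNECT THROUGH mt_pool FROM PERMANENT etl_ops WITH ROLE rpt_read;

-- 3. Detach only the profile from the application user's proxy rule.
--    The rule itself stays granted; web_report can still proxy with rpt_read.
REVOKE CONNECT THROUGH mt_pool FROM web_report WITH PROFILE rpt_prof;

-- 4. Offboarding: no WITH ROLE clause, so the whole privilege is revoked
--    for web_report regardless of which roles were on the rule.
REVOKE CONNECT THROUGH mt_pool FROM web_report;

-- 5. Clear the TrustOnly flag on the trusted user (assumes it was set earlier).
--    This relaxes the requirement that proxy-setting SET QUERY_BAND requests
--    come from a trusted request, so review it as a loosening, not a cleanup.
REVOKE CONNECT THROUGH mt_pool WITH TRUST_ONLY;
```

Each request requires the CTCONTROL privilege, and steps 1 and 2 also require WITH ADMIN OPTION on the roles named in the WITH ROLE clause.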