Changes to a CONNECT THROUGH privilege definition are effective immediately, so the next request submitted in a proxy connection following a change to a CONNECT THROUGH privilege uses the new definition.
When roles are dropped, they are also removed from the CONNECT THROUGH privilege definition, so it is possible for a rule to be left with no roles defined for it. When you drop all of the roles that were assigned to a CONNECT THROUGH privilege definition, Teradata Database grants the affected proxy users PUBLIC privileges only.