In short: no, capability changes made to a key do not affect connections currently open. You would have to close and re-open the connection to see the change.

Effectively, once created, it's best to think of keys and tokens as being immutable. Changes to permissions granted to existing connections are best handled by using token authentication and granting the client a new token with the permissions you now want it to have -- see Recommendations for incrementally authorising new capabilities .

The one exception is if a key is revoked entirely, on which event all connections using that key (or a token derived from that key) will be forcibly terminated.