View permissions
In Firebolt, views are objects that allow users to query data from one or more underlying tables or views. Permissions on these views determine who can interact with the view and what actions they can perform.
To interact with a view, roles must also have USAGE permissions on the parent schema and the parent database.
View-level privileges
| Privilege | Description | GRANT Syntax | REVOKE Syntax |
|---|---|---|---|
| SELECT | Allows selecting from the view. | GRANT SELECT ON <view_name> TO <role_name>; | REVOKE SELECT ON <view_name> FROM <role_name>; |
| MODIFY | Allows modifying and dropping the view. | GRANT MODIFY ON <view_name> TO <role_name>; | REVOKE MODIFY ON <view_name> FROM <role_name>; |
Views are created at the schema level. To grant privileges to create views, refer to the schema-level privileges documentation.
Examples of granting view permissions
SELECT permission
To allow querying data from a view, the role must have SELECT privileges on the view. Additionally, the view owner must have SELECT privileges on all underlying tables or views referenced within the view.
The following examples grant the role read_role permission to query data from the viewtest view and ensure the view_owner has the necessary permission to read data from the referenced_table table, allowing the view to function correctly.
-- Grant SELECT on the view to a user:
GRANT SELECT ON VIEW "viewtest" TO read_role;
-- Grant SELECT on the referenced table to the view owner:
GRANT SELECT ON TABLE "referenced_table" TO view_owner;
If the view owner loses access to any of these referenced objects, users with SELECT on the view will no longer be able to query it, even if their SELECT privilege remains.
MODIFY permission
The following code example grants the role read_role permission to alter or drop the viewtest view:
GRANT MODIFY ON VIEW "viewtest" TO read_role;