Learn about object Ownership in Firebolt.
Ownership allows users to perform all operations on objects they created without having to manually grant privileges for these operations. This provides a smoother user experience because objects are immediately available to use once created. These operations include granting privileges on owned objects.
Firebolt implements ownership at two distinct levels:
These two ownership levels are isolated from each other— you cannot make a user the owner of an organization-level object, and you cannot make a login or service account the owner of an account-level object.
The account-level object types that support ownership are:
The organization-level object types that support ownership are:
The current owner of an object can be viewed in the corresponding information_schema view:
Object | View |
---|---|
Role | N/A |
User | information_schema.users |
Database | information_schema.catalogs |
Engine | information_schema.engines |
Schema | information_schema.schemata |
Table | information_schema.tables |
View | information_schema.views or information_schema.tables |
Index ownership, shown in information_schema.indexes, will always show the table owner as an index’s owner.
Object | View |
---|---|
Organization | information_schema.organization |
Account | information_schema.accounts |
Login | information_schema.logins |
Service Account | information_schema.service_accounts |
Network Policy | information_schema.network_policies |
The owner of an account-level object may alter its ownership using the following syntax:
Examples:
The owner of an organization-level object may alter its ownership using the following syntax:
Where <identity>
refers to a login or service account.
Examples:
Any objects owned by a user must first be dropped or have their owner changed before dropping the user.
A table owner can drop the table even if there are views referencing it that are not owned by the table’s owner, using the CASCADE
parameter to DROP TABLE.
Similarly, any organization-level objects owned by a login or service account must first be dropped or have their owner changed before dropping the login or service account.
You can use the user interface in the Firebolt Workspace to transfer ownership of objects as follows:
Ownership transfer using the Firebolt Workspace is not available for Schema
, Table
, and View
objects. These must be modified using SQL commands in the Develop Workspace or using the Firebolt API.
The Firebolt Workspace currently only supports managing ownership for account-level objects. Organization-level object ownership must be managed using SQL commands.