Learn about role-based access control (RBAC) in Firebolt, including how to define and manage roles, assign permissions, and control access to database resources.
Firebolt uses Role-Based Access Control (RBAC) to manage permissions and ensure that users and roles have only the necessary access to perform operations within the system. RBAC follows the principle of least privilege, where access is restricted to the minimum required for tasks.
Permissions in Firebolt are managed through roles, which control access to databases, schemas, tables, engines, and other objects. Permissions propagate from higher-level objects to their related objects, simplifying access management.
With RBAC you can:
Firebolt uses an object model to organize resources in a way that complements how organizations manage their data warehouses. This model enforces a one-to-many structure where:
Objects in the Firebolt object model are securable and come with a set of permissions, enabling administrators to control which identities can access them in their Firebolt cluster.
For more information about the organizational and account structure in Firebolt’s object model, see Organization and accounts.
Firebolt divides objects into global and regional types, depending on their scope and management level.
Global objects: Managed globally at the organization level, they can contain objects that are deployed and grouped regionally, including the following:
Regional objects: Tied to specific regions grouped under an account, they can include the following:
Firebolt provides the organization_admin role to manage organizational resources. While granular RBAC is currently only available at the account level, Firebolt plans to make RBAC available at the organizational level in a future release.
For more information about Firebolt’s RBAC model and how to administer your Firebolt cluster, see the next sections: