Learn about account-level permissions in Firebolt.
Privilege | Description | GRANT Syntax | REVOKE Syntax |
---|---|---|---|
CREATE DATABASE | Allows creating new databases in an account. | GRANT CREATE DATABASE ON ACCOUNT <account_name> TO <role>; | REVOKE CREATE DATABASE ON ACCOUNT <account_name> FROM <role>; |
USAGE ANY DATABASE | Allows using all current and future databases in an account. | GRANT USAGE ANY DATABASE ON ACCOUNT <account_name> TO <role>; | REVOKE USAGE ANY DATABASE ON ACCOUNT <account_name> FROM <role>; |
MODIFY ANY DATABASE | Allows editing all current and future databases in an account. | GRANT MODIFY ANY DATABASE ON ACCOUNT <account_name> TO <role>; | REVOKE MODIFY ANY DATABASE ON ACCOUNT <account_name> FROM <role>; |
CREATE ENGINE | Allows creating new engines in an account. | GRANT CREATE ENGINE ON ACCOUNT <account_name> TO <role>; | REVOKE CREATE ENGINE ON ACCOUNT <account_name> FROM <role>; |
USAGE ANY ENGINE | Allows using all current and future engines in an account. | GRANT USAGE ANY ENGINE ON ACCOUNT <account_name> TO <role>; | REVOKE USAGE ANY ENGINE ON ACCOUNT <account_name> FROM <role>; |
OPERATE ANY ENGINE | Allows starting and stopping all current and future engines in the account. | GRANT OPERATE ANY ENGINE ON ACCOUNT <account_name> TO <role>; | REVOKE OPERATE ANY ENGINE ON ACCOUNT <account_name> FROM <role>; |
MODIFY ANY ENGINE | Allows editing all current and future engines in the account. | GRANT MODIFY ANY ENGINE ON ACCOUNT <account_name> TO <role>; | REVOKE MODIFY ANY ENGINE ON ACCOUNT <account_name> FROM <role>; |
MONITOR [ANY USAGE] | Enables the tracking of engine queries through the engine_running_queries view for active queries and the engine_query_history view for past queries in information_schema . | GRANT MONITOR ANY USAGE ON ACCOUNT <account_name> TO <role>; | REVOKE MONITOR ANY USAGE ON ACCOUNT <account_name> FROM <role>; |
CREATE ROLE | Allows creating new roles in the account. | GRANT CREATE ROLE ON ACCOUNT <account_name> TO <role>; | REVOKE CREATE ROLE ON ACCOUNT <account_name> FROM <role>; |
MODIFY ANY ROLE | Allows editing all current and future roles in the account. | GRANT MODIFY ANY ROLE ON ACCOUNT <account_name> TO <role>; | REVOKE MODIFY ANY ROLE ON ACCOUNT <account_name> FROM <role>; |
CREATE USER | Allows creating new users in the account. | GRANT CREATE USER ON ACCOUNT <account_name> TO <role>; | REVOKE CREATE USER ON ACCOUNT <account_name> FROM <role>; |
MODIFY ANY USER | Allows editing all current and future users in the account. | GRANT MODIFY ANY USER ON ACCOUNT <account_name> TO <role>; | REVOKE MODIFY ANY USER ON ACCOUNT <account_name> FROM <role>; |
CREATE LOCATION | Allows creating new location objects in the account. | GRANT CREATE LOCATION ON ACCOUNT <account_name> TO <role>; | REVOKE CREATE LOCATION ON ACCOUNT <account_name> FROM <role>; |
MODIFY ANY LOCATION | Allows editing all current and future locations in the account. | GRANT MODIFY ANY LOCATION ON ACCOUNT <account_name> TO <role>; | REVOKE MODIFY ANY LOCATION ON ACCOUNT <account_name> FROM <role>; |
USAGE ANY LOCATION | Allows using all current and future locations in the account. | GRANT USAGE ANY LOCATION ON ACCOUNT <account_name> TO <role>; | REVOKE USAGE ANY LOCATION ON ACCOUNT <account_name> FROM <role>; |
ALL [PRIVILEGES] | Grants all direct privileges for a specified account to a specified role. | GRANT ALL ON ACCOUNT <account_name> TO <role>; | REVOKE ALL ON ACCOUNT <account_name> FROM <role>; |
developer_role
permission to create new databases within the account_name
:
developer_role
to access all current and future databases within the account_name
:
developer_role
permission to modify or delete all current and future databases within the account_name
:
developer_role
permission to create new engines within the account_name
:
developer_role
permission to use all current and future engines within the account_name
:
developer_role
permission to start and stop all current and future engines within the account_name
:
developer_role
permission to modify or delete all current and future engines within the account_name
:
developer_role
permission to create new roles within the account_name
:
developer_role
permission to modify or delete all current and future roles within the account_name
:
developer_role
permission to create new users within the account_name
:
developer_role
permission to modify or delete all current and future users within the account_name
:
developer_role
permission to see the query history and currently running queries on all the engines within account_name
:
my_role
permission to create locations:
my_role
permission to modify or delete all current and future locations within the my_account
:
my_role
permission to use all current and future locations within the my_account
: