> ## Documentation Index > Fetch the complete documentation index at: https://docs.firebolt.io/llms.txt > Use this file to discover all available pages before exploring further. > Learn about account-level permissions in Firebolt. # Account Permissions Accounts represent the physical instance of your data warehouse in Firebolt and are created in Firebolt-supported regions. All objects within an account—such as databases, engines, roles, and users—are scoped to that specific account. | Privilege | Description | GRANT Syntax | REVOKE Syntax | | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------- | | CREATE DATABASE | Allows creating new databases in an account. | `GRANT CREATE DATABASE ON ACCOUNT TO ;` | `REVOKE CREATE DATABASE ON ACCOUNT FROM ;` | | USAGE ANY DATABASE | Allows using all current and future databases in an account. | `GRANT USAGE ANY DATABASE ON ACCOUNT TO ;` | `REVOKE USAGE ANY DATABASE ON ACCOUNT FROM ;` | | MODIFY ANY DATABASE | Allows editing all current and future databases in an account. | `GRANT MODIFY ANY DATABASE ON ACCOUNT TO ;` | `REVOKE MODIFY ANY DATABASE ON ACCOUNT FROM ;` | | [CREATE ENGINE](/reference-sql/commands/engines/create-engine) | Allows creating new engines in an account. | `GRANT CREATE ENGINE ON ACCOUNT TO ;` | `REVOKE CREATE ENGINE ON ACCOUNT FROM ;` | | USAGE ANY ENGINE | Allows using all current and future engines in an account. | `GRANT USAGE ANY ENGINE ON ACCOUNT TO ;` | `REVOKE USAGE ANY ENGINE ON ACCOUNT FROM ;` | | OPERATE ANY ENGINE | Allows starting and stopping all current and future engines in the account. | `GRANT OPERATE ANY ENGINE ON ACCOUNT TO ;` | `REVOKE OPERATE ANY ENGINE ON ACCOUNT FROM ;` | | MODIFY ANY ENGINE | Allows editing all current and future engines in the account. | `GRANT MODIFY ANY ENGINE ON ACCOUNT TO ;` | `REVOKE MODIFY ANY ENGINE ON ACCOUNT FROM ;` | | MONITOR \[ANY USAGE] | Enables the tracking of engine queries through the `engine_running_queries` view for active queries and the `engine_query_history` view for past queries in `information_schema`. | `GRANT MONITOR ANY USAGE ON ACCOUNT TO ;` | `REVOKE MONITOR ANY USAGE ON ACCOUNT FROM ;` | | [CREATE ROLE](/reference-sql/commands/access-control/create-role) | Allows creating new roles in the account. | `GRANT CREATE ROLE ON ACCOUNT TO ;` | `REVOKE CREATE ROLE ON ACCOUNT FROM ;` | | MODIFY ANY ROLE | Allows editing all current and future roles in the account. | `GRANT MODIFY ANY ROLE ON ACCOUNT TO ;` | `REVOKE MODIFY ANY ROLE ON ACCOUNT FROM ;` | | [CREATE USER](/reference-sql/commands/access-control/create-user) | Allows creating new users in the account. | `GRANT CREATE USER ON ACCOUNT TO ;` | `REVOKE CREATE USER ON ACCOUNT FROM ;` | | MODIFY ANY USER | Allows editing all current and future users in the account. | `GRANT MODIFY ANY USER ON ACCOUNT TO ;` | `REVOKE MODIFY ANY USER ON ACCOUNT FROM ;` | | CREATE LOCATION | Allows creating new location objects in the account. | `GRANT CREATE LOCATION ON ACCOUNT TO ;` | `REVOKE CREATE LOCATION ON ACCOUNT FROM ;` | | MODIFY ANY LOCATION | Allows editing all current and future locations in the account. | `GRANT MODIFY ANY LOCATION ON ACCOUNT TO ;` | `REVOKE MODIFY ANY LOCATION ON ACCOUNT FROM ;` | | USAGE ANY LOCATION | Allows using all current and future locations in the account. | `GRANT USAGE ANY LOCATION ON ACCOUNT TO ;` | `REVOKE USAGE ANY LOCATION ON ACCOUNT FROM ;` | | ALL \[PRIVILEGES] | Grants all direct privileges for a specified account to a specified role. | `GRANT ALL ON ACCOUNT TO ;` | `REVOKE ALL ON ACCOUNT FROM ;` | Revoking a privilege removes it from a role but does not explicitly deny the privilege. If the privilege was not previously granted, revoking it has no effect. For more detailed information about location permissions and their usage, see [Location permissions](/overview/security/rbac/location-permissions). ## Examples of granting account-level permissions ### CREATE DATABASE permission The following code example [grants](/reference-sql/commands/access-control/grant) the role `developer_role` permission to create new databases within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT CREATE DATABASE ON ACCOUNT account_name TO developer_role; ``` ### USAGE ANY DATABASE permission The following code example gives permission to the role `developer_role` to access all current and future databases within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT USAGE ANY DATABASE ON ACCOUNT account_name TO developer_role; ``` ### MODIFY ANY DATABASE permission The following code example grants the role `developer_role` permission to modify or delete all current and future databases within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MODIFY ANY DATABASE ON ACCOUNT account_name TO developer_role; ``` ### [CREATE ENGINE](/reference-sql/commands/engines/create-engine) permission The following code example gives the role `developer_role` permission to create new engines within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT CREATE ENGINE ON ACCOUNT account_name TO developer_role; ``` ### USAGE ANY ENGINE permission The following code example grants the role `developer_role` permission to use all current and future engines within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT USAGE ANY ENGINE ON ACCOUNT account_name TO developer_role; ``` ### OPERATE ANY ENGINE permission The following code example gives the role `developer_role` permission to start and stop all current and future engines within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT USAGE ANY DATABASE ON ACCOUNT account_name TO developer_role; ``` ### MODIFY ANY ENGINE permission The following code example grants the role `developer_role` permission to modify or delete all current and future engines within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MODIFY ANY ENGINE ON ACCOUNT account_name TO developer_role; ``` ### [CREATE ROLE](/reference-sql/commands/access-control/create-role) permission The following code example gives the role `developer_role` permission to create new roles within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT CREATE ROLE ON ACCOUNT account_name TO developer_role; ``` ### MODIFY ANY ROLE permission The following code example grants the role `developer_role` permission to modify or delete all current and future roles within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MODIFY ANY ROLE ON ACCOUNT account_name TO developer_role; ``` ### [CREATE USER](/reference-sql/commands/access-control/create-user) permission The following code example gives the role `developer_role` permission to create new users within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT CREATE USER ON ACCOUNT account_name TO developer_role; ``` ### MODIFY ANY USER permission The following code example grants the role `developer_role` permission to modify or delete all current and future users within the `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MODIFY ANY USER ON ACCOUNT account_name TO developer_role; ``` ### MONITOR \[ANY USAGE] permission The following code example grants the role `developer_role` permission to see the query history and currently running queries on all the engines within `account_name`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MONITOR ANY USAGE ON ACCOUNT "account-1" TO developer_role; ``` ### CREATE LOCATION permission The following code example grants role `my_role` permission to create locations: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} -- Grant ability to create new locations GRANT CREATE LOCATION ON ACCOUNT "my_account" TO my_role; ``` ### MODIFY ANY LOCATION permission The following code example grants role `my_role` permission to modify or delete all current and future locations within the `my_account`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} -- Grant ability to create new locations GRANT MODIFY ANY LOCATION ON ACCOUNT "my_account" TO my_role; ``` ### USAGE ANY LOCATION permission The following code example grants role `my_role` permission to use all current and future locations within the `my_account`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} -- Grant ability to create new locations GRANT USAGE ANY LOCATION ON ACCOUNT "my_account" TO my_role; ```