> ## Documentation Index > Fetch the complete documentation index at: https://docs.firebolt.io/llms.txt > Use this file to discover all available pages before exploring further. ## Submitting Feedback If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback: POST https://docs.firebolt.io/feedback ```json { "path": "/overview/security/rbac/database-permissions", "feedback": "Description of the issue" } ``` Only submit feedback when you have something specific and actionable to report. > Understand the permissions that can be assigned at the database level in Firebolt, including controlling access to database objects and managing database-level operations. # Database permissions In Firebolt, a **database** is a logical container that organizes your data warehouse by holding components such as **tables**, **views**, **indexes**, and other database objects, as shown in the following diagram: Firebolt's object model contains schema under databases, and tables, views, and indexes under schema. Database-level permissions define what actions roles can perform within a database and its associated objects. ## Database-level privileges | Privilege | Description | GRANT Syntax | REVOKE Syntax | | ------------------------------------------------------------ | ----------------------------------------------------------------------- | --------------------------------------------------------------- | ------------------------------------------------------------------ | | USAGE | Allows access to the database and enables attaching engines to it. | `GRANT USAGE ON DATABASE TO ;` | `REVOKE USAGE ON DATABASE FROM ;` | | MODIFY | Allows altering database properties and dropping the database. | `GRANT MODIFY ON DATABASE TO ;` | `REVOKE MODIFY ON DATABASE FROM ;` | | USAGE ANY SCHEMA | Allows access to all current and future schemas within the database. | `GRANT USAGE ANY SCHEMA ON DATABASE TO ;` | `REVOKE USAGE ANY SCHEMA ON DATABASE FROM ;` | | [VACUUM](/reference-sql/commands/data-management/vacuum) ANY | Allows running the `VACUUM` operation on all current and future tables. | `GRANT VACUUM ANY ON DATABASE TO ;` | `REVOKE VACUUM ANY ON DATABASE FROM ;` | | ALL \[PRIVILEGES] | Grants all direct privileges over the database to a role. | `GRANT ALL ON DATABASE TO ;` | `REVOKE ALL ON DATABASE FROM ;` | ## Examples of granting database permissions ### USAGE permission The following code example [grants](/reference-sql/commands/access-control/grant) the role `developer_role` access to use the specified database: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT USAGE ON DATABASE "database-1" TO developer_role; ``` ### MODIFY permission The following code example gives the role `developer_role` permission to alter properties or drop the specified database: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT MODIFY ON DATABASE "database-1" TO developer_role; ``` ### USAGE ANY SCHEMA permission The following code example grants the role `developer_role` access to all current and future schemas within the specified database: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT USAGE ANY SCHEMA ON DATABASE "database-1" TO developer_role; ``` ### VACUUM ANY permission The following code example gives the role `developer_role` permission to run [VACUUM](/reference-sql/commands/data-management/vacuum) operations on all current and future tables in the specified database: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT VACUUM ANY ON DATABASE "database-1" TO developer_role; ``` ### ALL permissions The following code example gives the role `developer_role` all the direct permissions over database `database-1`: ```sql theme={"theme":{"light":"github-light","dark":"github-dark"}} GRANT ALL ON DATABASE "database-1" TO developer_role; ```