Learn about the permissions that can be assigned to tables in Firebolt, including controlling access to table data and managing table-level operations.
| Privilege | Description | GRANT Syntax | REVOKE Syntax |
|---|---|---|---|
| SELECT | Allows selecting rows from the table. | `GRANT SELECT ON TABLE <table_name> TO <role_name>;` | `REVOKE SELECT ON TABLE <table_name> FROM <role_name>;` |
| INSERT | Allows inserting rows into the table. Applies to managed tables only. | `GRANT INSERT ON TABLE <table_name> TO <role_name>;` | `REVOKE INSERT ON TABLE <table_name> FROM <role_name>;` |
| MODIFY | Allows modifying and dropping the table. | `GRANT MODIFY ON TABLE <table_name> TO <role_name>;` | `REVOKE MODIFY ON TABLE <table_name> FROM <role_name>;` |
| DELETE | Allows deleting rows and dropping partitions from the table. Applies to managed tables only. | `GRANT DELETE ON TABLE "<table_name>" TO <role_name>;` | `REVOKE DELETE ON TABLE "<table_name>" FROM <role_name>;` |
| UPDATE | Allows updating rows in the table. Applies to managed tables only. | `GRANT UPDATE ON TABLE <table_name> TO <role_name>;` | `REVOKE UPDATE ON TABLE <table_name> FROM <role_name>;` |
| TRUNCATE | Allows truncating a table. Applies to managed tables only. | `GRANT TRUNCATE ON TABLE <table_name> TO <role_name>;` | `REVOKE TRUNCATE ON TABLE <table_name> FROM <role_name>;` |
| VACUUM | Allows running the VACUUM operation. Applies to managed tables only. | `GRANT VACUUM ON TABLE <table_name> TO <role_name>;` | `REVOKE VACUUM ON TABLE <table_name> FROM <role_name>;` |
| ALL [PRIVILEGES] | Grants all privileges over the table to a role. | `GRANT ALL ON TABLE <table_name> TO <role_name>;` | `REVOKE ALL ON TABLE <table_name> FROM <role_name>;` |

- `MODIFY` permission on the table.
- `CREATE` permission on the parent schema.
- `USAGE` permission on the parent schema.
- `USAGE` permission on the parent database.

- `MODIFY` permission on the table.
- `USAGE` permission on the parent schema.
- `USAGE` permission on the parent database.

`GRANT` to grant permissions. You can also replace `GRANT` with `REVOKE` in any of the examples to remove any granted privileges.

`developer_role` permission to read data from the `games` table:

`developer_role` permissions to insert rows into the `games` table:

`developer_role` permission to alter or drop the `games` table:

`developer_role` permission to delete rows or partitions from the `games` table:

`developer_role` permission to update rows in the `games` table:

`developer_role` permission to truncate the `games` table, removing all rows:

`developer_role` permission to run the `VACUUM` operation on the `games` table:

`developer_role` with all permissions on the table `games`:
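
The following is an added example, not Firebolt's own code: a Python helper that computes the `REVOKE` and `GRANT` statements needed to move a role from one set of table privileges to another, using the syntax and the "managed tables only" restrictions from the table above. The names `plan`, `PRIVILEGES` and the `managed` flag are assumptions, and the privilege sets in the sample are constructed.

```python
import re

# Table privileges from the table above. True = "Applies to managed tables only".
PRIVILEGES = {"SELECT": False, "INSERT": True, "MODIFY": False, "DELETE": True,
              "UPDATE": True, "TRUNCATE": True, "VACUUM": True}
# Assumption: only plain unquoted names are accepted, so nothing can break out
# of the generated statement.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def plan(table, role, current, desired, managed=True):
    """Return the REVOKE/GRANT statements that move `role` from the `current`
    privilege set to the `desired` one on `table` (hypothetical helper)."""
    for name in (table, role):
        if not _IDENT.fullmatch(name):
            raise ValueError(f"refusing unsafe identifier: {name!r}")
    current, desired = set(current), set(desired)
    for priv in sorted(current | desired):
        if priv not in PRIVILEGES:
            # ALL is rejected too: the desired state must name each privilege.
            raise ValueError(f"not an explicit table privilege: {priv}")
    for priv in sorted(desired):
        if PRIVILEGES[priv] and not managed:
            raise ValueError(f"{priv} applies to managed tables only")
    # Revoke first so the role never briefly holds the union of both sets.
    stmts = [f"REVOKE {p} ON TABLE {table} FROM {role};"
             for p in sorted(current - desired)]
    stmts += [f"GRANT {p} ON TABLE {table} TO {role};"
              for p in sorted(desired - current)]
    return stmts


if __name__ == "__main__":
    # Constructed sample: what developer_role holds today vs. what it should hold.
    held = {"SELECT", "INSERT", "MODIFY", "TRUNCATE"}
    wanted = {"SELECT", "INSERT", "UPDATE"}
    for stmt in plan("games", "developer_role", held, wanted):
        print(stmt)
```

Listing each privilege in the desired set, rather than accepting `ALL`, keeps the generated statements reviewable one privilege at a time.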