- An engine can connect to multiple databases.
- A database can be accessed by multiple engines.
| Privilege | Description | GRANT Syntax | REVOKE Syntax |
|---|---|---|---|
| USAGE | Allows using an engine to run queries. | GRANT USAGE ON ENGINE <engine_name> TO <role>; | REVOKE USAGE ON ENGINE <engine_name> FROM <role>; |
| OPERATE | Allows stopping and starting an engine. | GRANT OPERATE ON ENGINE <engine_name> TO <role>; | REVOKE OPERATE ON ENGINE <engine_name> FROM <role>; |
| MODIFY | Allows altering engine properties or dropping the engine. | GRANT MODIFY ON ENGINE <engine_name> TO <role>; | REVOKE MODIFY ON ENGINE <engine_name> FROM <role>; |
| MONITOR [USAGE] | Enables the tracking of engine queries through the engine_running_queries view for active queries and the engine_query_history view for past queries in information_schema. | GRANT MONITOR USAGE ON ENGINE <engine_name> TO <role>; | REVOKE MONITOR USAGE ON ENGINE <engine_name> FROM <role>; |
| ALL [PRIVILEGES] | Grants all privileges over the engine to a role. | GRANT ALL ON ENGINE <engine_name> TO <role>; | REVOKE ALL ON ENGINE <engine_name> FROM <role>; |
If a user lacks USAGE and OPERATE privileges for an engine, they will not be able to select or interact with the engine via the Firebolt UI.
Examples of granting engine permissions
USAGE permission
The following code example grants the roledeveloper_role permission to use the myEngine engine for executing queries:
OPERATE permission
The following code example gives the roledeveloper_role permission to start and stop the myEngine engine:
MODIFY permission
The following code example grants the roledeveloper_role permission to alter properties or drop the myEngine engine:
MONITOR [USAGE] permission
The following code example grants the roledeveloper_role permission to see the query history and currently running queries for the engine myEngine:
ALL permissions
The following code example grants the roledeveloper_role with all engine permissions on myEngine: