Engine Permissions

In Firebolt, an engine is a compute resource that processes data and serves queries. Engines provide full workload isolation, allowing multiple workloads to run independently while sharing access to the same data. Engines are also decoupled from databases, which means:

An engine can connect to multiple databases.
A database can be accessed by multiple engines.

The following table outlines the privileges that can be granted for engines within a particular account:

Privilege	Description	GRANT Syntax	REVOKE Syntax
USAGE	Allows using an engine to run queries.	`GRANT USAGE ON ENGINE <engine_name> TO <role>;`	`REVOKE USAGE ON ENGINE <engine_name> FROM <role>;`
OPERATE	Allows stopping and starting an engine.	`GRANT OPERATE ON ENGINE <engine_name> TO <role>;`	`REVOKE OPERATE ON ENGINE <engine_name> FROM <role>;`
MODIFY	Allows altering engine properties or dropping the engine.	`GRANT MODIFY ON ENGINE <engine_name> TO <role>;`	`REVOKE MODIFY ON ENGINE <engine_name> FROM <role>;`
MONITOR [USAGE]	Enables the tracking of engine queries through the `engine_running_queries` view for active queries and the `engine_query_history` view for past queries in `information_schema`.	`GRANT MONITOR USAGE ON ENGINE <engine_name> TO <role>;`	`REVOKE MONITOR USAGE ON ENGINE <engine_name> FROM <role>;`
ALL [PRIVILEGES]	Grants all privileges over the engine to a role.	`GRANT ALL ON ENGINE <engine_name> TO <role>;`	`REVOKE ALL ON ENGINE <engine_name> FROM <role>;`

If a user lacks USAGE and OPERATE privileges for an engine, they will not be able to select or interact with the engine via the Firebolt UI.

Examples of granting engine permissions

USAGE permission

The following code example grants the role developer_role permission to use the myEngine engine for executing queries:

GRANT USAGE ON ENGINE "myEngine" TO developer_role;

OPERATE permission

The following code example gives the role developer_role permission to start and stop the myEngine engine:

GRANT OPERATE ON ENGINE "myEngine" TO developer_role;

MODIFY permission

The following code example grants the role developer_role permission to alter properties or drop the myEngine engine:

GRANT MODIFY ON ENGINE "myEngine" TO developer_role;

MONITOR [USAGE] permission

The following code example grants the role developer_role permission to see the query history and currently running queries for the engine myEngine:

GRANT MONITOR USAGE ON ENGINE "myEngine" TO developer_role;

ALL permissions

The following code example grants the role developer_role with all engine permissions on myEngine:

GRANT ALL ON ENGINE "myEngine" TO developer_role;

What is Firebolt?

Overview

Performance and Observability

Guides

SQL reference

General reference

API reference

Examples of granting engine permissions

USAGE permission

OPERATE permission

MODIFY permission

MONITOR [USAGE] permission

ALL permissions

What is Firebolt?

Overview

Performance and Observability

Guides

SQL reference

General reference

API reference

​Examples of granting engine permissions

​USAGE permission

​OPERATE permission

​MODIFY permission

​MONITOR [USAGE] permission

​ALL permissions

Examples of granting engine permissions

USAGE permission

OPERATE permission

MODIFY permission

MONITOR [USAGE] permission

ALL permissions