Privilege | Description | GRANT Syntax | REVOKE Syntax |
---|---|---|---|
MODIFY | Grants the ability to modify location objects owned by the role. | GRANT MODIFY ON LOCATION <location_name> TO <role>; | REVOKE MODIFY ON LOCATION <location_name> FROM <role>; |
USAGE | Grants the ability to use location objects without seeing credentials. | GRANT USAGE ON LOCATION <location_name> TO <role>; | REVOKE USAGE ON LOCATION <location_name> FROM <role>; |
Secret management
Location permissions provide a secure way to manage access to sensitive credentials. When a role has USAGE permission on a location:- The role can use the location’s credentials to access external data sources
- The role cannot view or extract the actual credentials stored in the location
- The credentials remain hidden in all system views and logs
Examples of granting location permissions
The following code examples show how to grant various location-related permissions:MODIFY permission
The following code example grants rolemy_role
permission to modify the loc
location:
USAGE permission
The following code example grants rolemy_role
permission to use the loc
location: