In Firebolt, a user is associated with a login or service account, which grants them access to that account. You can assign a role to a user, and the role determines the specific actions they are authorized to perform within the account.

The following table outlines the privileges that can be granted for users within a particular account:

PrivilegeDescriptionGRANT SyntaxREVOKE Syntax
MODIFYGrants the ability to drop the specified user.GRANT MODIFY ON USER <user_name> TO <role>;REVOKE MODIFY ON USER <user_name> FROM <role>;

Users can modify most of their own account settings without requiring RBAC permissions, except when altering LOGIN configurations or a SERVICE ACCOUNT.

Examples of granting user permissions

MODIFY permission

The following code example grants the role developer_role permission to drop the my_user user:

GRANT MODIFY ON USER my_user TO developer_role;