In Firebolt, a user is associated with a login or service account, which grants them access to that account. You can assign a role to a user, and the role determines the specific actions they are authorized to perform within the account. The following table outlines the privileges that can be granted for users within a particular account:
PrivilegeDescriptionGRANT SyntaxREVOKE Syntax
MODIFYGrants the ability to drop the specified user.GRANT MODIFY ON USER <user_name> TO <role>;REVOKE MODIFY ON USER <user_name> FROM <role>;
Users can modify most of their own account settings without requiring RBAC permissions, except when altering LOGIN configurations or a SERVICE ACCOUNT.

Examples of granting user permissions

MODIFY permission

The following code example grants the role developer_role permission to drop the my_user user:
GRANT MODIFY ON USER my_user TO developer_role;