ALTER DEFAULT PRIVILEGES to grant or revoke permissions that automatically apply to new schemas.
Only schemas are supported at this time. Default privileges for databases and tables are not currently available.
Syntax
Parameters
| Parameter | Description |
|---|---|
<privilege> | The privilege to grant or revoke. Can be USAGE, CREATE, ALL, or other schema-level privileges. |
<role_name> | The role to grant the privilege to or revoke the privilege from. |
Supported privileges
Only schema privileges can be granted usingALTER DEFAULT PRIVILEGES. The following privileges are supported:
USAGE- Allows access to schemas and their contentsCREATE- Allows creating objects within schemasALL- Grants all available schema privileges
Limitations
- Scope: Default privileges are granted at the account scope only.
- Object types: Only schemas are supported.
Notes
- Default privileges only apply to objects created after the
ALTER DEFAULT PRIVILEGEScommand is executed. Existing objects are not affected. - You must have the privilege you are granting in order to set it as a default privilege.
- Only account administrators and role owners can modify default privileges.
- Default privileges are stored in the
information_schema.object_default_privilegesview.
Examples
Grant default USAGE privilege on future schemas The following example grants theUSAGE privilege on all future schemas created by the current role to user_role:
USAGE privilege on future schemas from user_role:
power_user_role:
Related commands
- RBAC guide - Provides overview of the system capabilities
- GRANT - Grant privileges on existing objects
- REVOKE - Revoke privileges from existing objects
- CREATE ROLE - Create a new role