> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firebolt.io/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.firebolt.io/feedback
```json
{
"path": "/reference-sql/commands/access-control/alter-default-privileges",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
> Reference and syntax for the ALTER DEFAULT PRIVILEGES command.
# ALTER DEFAULT PRIVILEGES
Modifies the default privileges that apply to objects created in the future. Use `ALTER DEFAULT PRIVILEGES` to grant or revoke permissions that automatically apply to new schemas.
Only schemas are supported at this time. Default privileges for databases and tables are not currently available.
For more information, see [Role-based access control](/overview/security/rbac#default-privileges).
## Syntax
```sql theme={"theme":{"light":"github-light","dark":"github-dark"}}
ALTER DEFAULT PRIVILEGES
{ GRANT | REVOKE }
ON SCHEMAS
{ TO | FROM }
```
## Parameters
| Parameter | Description |
| :------------ | :--------------------------------------------------------------------------------------------------- |
| `` | The privilege to grant or revoke. Can be `USAGE`, `CREATE`, `ALL`, or other schema-level privileges. |
| `` | The role to grant the privilege to or revoke the privilege from. |
## Supported privileges
Only schema privileges can be granted using `ALTER DEFAULT PRIVILEGES`. The following privileges are supported:
| Privilege | Description | GRANT Syntax | REVOKE Syntax |
| ---------------------------------------------------------------------- | --------------------------------------------------------------------------------- | ------------------------------------------------------------------------ | --------------------------------------------------------------------------- |
| USAGE | Allows access to the schema and its objects | `GRANT USAGE ON SCHEMA public IN TO ;` | `REVOKE USAGE ON SCHEMA public IN FROM ;` |
| MODIFY | Allows altering the schema properties, including renaming or dropping the schema. | `GRANT MODIFY ON SCHEMA public IN TO ;` | `REVOKE MODIFY ON SCHEMA public IN FROM ;` |
| CREATE | Allows creating new objects, such as tables and views, within the schema. | `GRANT CREATE ON SCHEMA public IN TO ;` | `REVOKE CREATE ON SCHEMA public IN FROM ;` |
| [DELETE](/reference-sql/commands/data-management/delete) ANY | Allows deleting rows and partitions from all current and future tables. | `GRANT DELETE ANY ON SCHEMA public IN TO ;` | `REVOKE DELETE ANY ON SCHEMA public IN FROM ;` |
| [INSERT](/reference-sql/commands/data-management/insert) ANY | Allows inserting rows into all current and future tables within the schema. | `GRANT INSERT ANY ON SCHEMA public IN TO ;` | `REVOKE INSERT ANY ON SCHEMA public IN FROM ;` |
| [UPDATE](/reference-sql/commands/data-management/update) ANY | Allows updating rows in all current and future tables within the schema. | `GRANT UPDATE ANY ON SCHEMA public IN TO ;` | `REVOKE UPDATE ANY ON SCHEMA public IN FROM ;` |
| [TRUNCATE](/reference-sql/commands/data-management/truncate-table) ANY | Allows truncating all current and future tables within the schema. | `GRANT TRUNCATE ANY ON SCHEMA public IN TO ;` | `REVOKE TRUNCATE ANY ON SCHEMA public IN FROM ;` |
| [VACUUM](/reference-sql/commands/data-management/vacuum) ANY | Allows running the `VACUUM` operation on all current and future tables. | `GRANT VACUUM ANY ON SCHEMA public IN TO ;` | `REVOKE VACUUM ANY ON SCHEMA public IN FROM ;` |
| MODIFY ANY | Allows modifying or dropping all current and future objects in the schema. | `GRANT MODIFY ANY ON SCHEMA public IN TO ;` | `REVOKE MODIFY ANY ON SCHEMA public IN FROM ;` |
| SELECT ANY | Allows reading data from all current and future objects within the schema. | `GRANT SELECT ANY ON SCHEMA public IN TO ;` | `REVOKE SELECT ANY ON SCHEMA public IN FROM ;` |
| ALL \[PRIVILEGES] | Grants all direct privileges over the schema to a role. | `GRANT ALL ON SCHEMA public IN TO ;` | `REVOKE ALL ON SCHEMA public IN FROM ;` |
For more information about schema privileges, see [Schema permissions](/overview/security/rbac/database-permissions/schema-permissions).
## Limitations
* **Scope**: Default privileges are granted at the account scope only.
* **Object types**: Only schemas are supported.
## Notes
* Default privileges only apply to objects created after the `ALTER DEFAULT PRIVILEGES` command is executed. Existing objects are not affected.
* You must have the privilege you are granting in order to set it as a default privilege.
* Only account administrators and role owners can modify default privileges.
* Default privileges are stored in the `information_schema.object_default_privileges` view.
## Examples
**Grant default USAGE privilege on future schemas**
The following example grants the `USAGE` privilege on all future schemas created by the current role to `user_role`:
```sql theme={"theme":{"light":"github-light","dark":"github-dark"}}
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO user_role;
```
**Revoke default privileges**
The following example revokes the `USAGE` privilege on future schemas from `user_role`:
```sql theme={"theme":{"light":"github-light","dark":"github-dark"}}
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM user_role;
```
**Grant all default privileges**
The following example grants all available privileges on future schemas to `power_user_role`:
```sql theme={"theme":{"light":"github-light","dark":"github-dark"}}
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO power_user_role;
```
## Related commands
* [RBAC guide](/guides/security/rbac) - Provides overview of the system capabilities
* [GRANT](/reference-sql/commands/access-control/grant) - Grant privileges on existing objects
* [REVOKE](/reference-sql/commands/access-control/revoke) - Revoke privileges from existing objects
* [CREATE ROLE](/reference-sql/commands/access-control/create-role) - Create a new role