> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firebolt.io/llms.txt
> Use this file to discover all available pages before exploring further.

> Understand the permissions that can be assigned at the database level in Firebolt, including controlling access to database objects and managing database-level operations.

# Database permissions

In Firebolt, a **database** is a logical container that organizes your data warehouse by holding components such as **tables**, **views**, **indexes**, and other database objects, as shown in the following diagram:

<div className="ascii-diagram">
  ```text theme={"theme":{"light":"css-variables","dark":"css-variables"}}
                  ┌──────────────┐
                  │ Database     │
                  └──────┬───────┘
                         │
                  ┌──────┴───────┐
                  │ Schema       │
                  └──────┬───────┘
                         │
      ┌────────────┬─────┴───────┬────────────┐
      │            │             │            │
  ┌───┴──────┐ ┌───┴───────┐ ┌───┴──────┐ ┌───┴──────┐
  │ External │ │ Managed   │ │ View     │ │ Index    │
  │ table    │ │ table     │ │          │ │          │
  └──────────┘ └───────────┘ └──────────┘ └──────────┘
  ```
</div>

Database-level permissions define what actions roles can perform within a database and its associated objects.

## Database-level privileges

| Privilege                                                    | Description                                                             | GRANT Syntax                                                    | REVOKE Syntax                                                      |
| ------------------------------------------------------------ | ----------------------------------------------------------------------- | --------------------------------------------------------------- | ------------------------------------------------------------------ |
| USAGE                                                        | Allows access to the database and enables attaching engines to it.      | `GRANT USAGE ON DATABASE <database_name> TO <role>;`            | `REVOKE USAGE ON DATABASE <database_name> FROM <role>;`            |
| MODIFY                                                       | Allows altering database properties and dropping the database.          | `GRANT MODIFY ON DATABASE <database_name> TO <role>;`           | `REVOKE MODIFY ON DATABASE <database_name> FROM <role>;`           |
| USAGE ANY SCHEMA                                             | Allows access to all current and future schemas within the database.    | `GRANT USAGE ANY SCHEMA ON DATABASE <database_name> TO <role>;` | `REVOKE USAGE ANY SCHEMA ON DATABASE <database_name> FROM <role>;` |
| [VACUUM](/reference-sql/commands/data-management/vacuum) ANY | Allows running the `VACUUM` operation on all current and future tables. | `GRANT VACUUM ANY ON DATABASE <database_name> TO <role>;`       | `REVOKE VACUUM ANY ON DATABASE <database_name> FROM <role>;`       |
| ALL \[PRIVILEGES]                                            | Grants all direct privileges over the database to a role.               | `GRANT ALL ON DATABASE <database_name> TO <role>;`              | `REVOKE ALL ON DATABASE <database_name> FROM <role>;`              |

## Examples of granting database permissions

### USAGE permission

The following code example [grants](/reference-sql/commands/access-control/grant) the role `developer_role` access to use the specified database:

```sql theme={"theme":{"light":"css-variables","dark":"css-variables"}}
GRANT USAGE ON DATABASE "database-1" TO developer_role;
```

### MODIFY permission

The following code example gives the role `developer_role` permission to alter properties or drop the specified database:

```sql theme={"theme":{"light":"css-variables","dark":"css-variables"}}
GRANT MODIFY ON DATABASE "database-1" TO developer_role;
```

### USAGE ANY SCHEMA permission

The following code example grants the role `developer_role` access to all current and future schemas within the specified database:

```sql theme={"theme":{"light":"css-variables","dark":"css-variables"}}
GRANT USAGE ANY SCHEMA ON DATABASE "database-1" TO developer_role;
```

### VACUUM ANY permission

The following code example gives the role `developer_role` permission to run [VACUUM](/reference-sql/commands/data-management/vacuum) operations on all current and future tables in the specified database:

```sql theme={"theme":{"light":"css-variables","dark":"css-variables"}}
GRANT VACUUM ANY ON DATABASE "database-1" TO developer_role;
```

### ALL permissions

The following code example gives the role `developer_role` all the direct permissions over database `database-1`:

```sql theme={"theme":{"light":"css-variables","dark":"css-variables"}}
GRANT ALL ON DATABASE "database-1" TO developer_role;
```
