To perform actions on a table, roles must also have USAGE permissions on both the parent schema and the parent database of the table.
Table-level privileges
| Privilege | Description | GRANT Syntax | REVOKE Syntax |
|---|---|---|---|
| SELECT | Allows selecting rows from the table. | GRANT SELECT ON TABLE <table_name> TO <role_name>; | REVOKE SELECT ON TABLE <table_name> FROM <role_name>; |
| INSERT | Allows inserting rows into the table. Applies to managed tables only. | GRANT INSERT ON TABLE <table_name> TO <role_name>; | REVOKE INSERT ON TABLE <table_name> FROM <role_name>; |
| MODIFY | Allows modifying and dropping the table. | GRANT MODIFY ON TABLE <table_name> TO <role_name>; | REVOKE MODIFY ON TABLE <table_name> FROM <role_name>; |
| DELETE | Allows deleting rows and dropping partitions from the table. Applies to managed tables only. | GRANT DELETE ON TABLE “<table_name>” TO <role_name>; | REVOKE DELETE ON TABLE “<table_name>” FROM <role_name>; |
| UPDATE | Allows updating rows in the table. Applies to managed tables only. | GRANT UPDATE ON TABLE <table_name> TO <role_name>; | REVOKE UPDATE ON TABLE <table_name> FROM <role_name>; |
| TRUNCATE | Allows truncating a table. Applies to managed tables only. | GRANT TRUNCATE ON TABLE <table_name> TO <role_name>; | REVOKE TRUNCATE ON TABLE <table_name> FROM <role_name>; |
| VACUUM | Allows running the VACUUM operation. Applies to managed tables only. | GRANT VACUUM ON TABLE <table_name> TO <role_name>; | REVOKE VACUUM ON TABLE <table_name> FROM <role_name>; |
| ALL [PRIVILEGES] | Grants all privileges over the table to a role. | GRANT ALL ON TABLE <table_name> TO <role_name>; | REVOKE ALL ON TABLE <table_name> FROM <role_name>; |
To grant permissions across all tables in a schema, use schema-level privileges. For example, privileges like SELECT ANY, INSERT ANY, or DELETE ANY at the schema level will apply to all current and future tables within that schema.
Aggregating Indexes
An aggregating index in Firebolt accelerates queries involving aggregate functions on large tables. This reduces compute usage and improves query performance. To create or drop an aggregating index, a role must have the following permissions:MODIFYpermission on the table.CREATEpermission on the parent schema.USAGEpermission on the parent schema.USAGEpermission on the parent database.
MODIFYpermission on the table.USAGEpermission on the parent schema.USAGEpermission on the parent database.
Examples of modifying table permissions
The following example useGRANT to grant permissions. You can also replace GRANT with REVOKE in any of the examples to remove any granted privileges.
SELECT permission
The following code example grants the roledeveloper_role permission to read data from the games table:
INSERT permission
The following code example gives the roledeveloper_role permissions to insert rows into the games table:
MODIFY permission
The following code example grants the roledeveloper_role permission to alter or drop the games table:
DELETE permission
The following code example gives the roledeveloper_role permission to delete rows or partitions from the games table:
UPDATE permission
The following code example grants the roledeveloper_role permission to update rows in the games table:
TRUNCATE permission
The following code example gives the roledeveloper_role permission to truncate the games table, removing all rows:
VACUUM permission
The following code example grants the roledeveloper_role permission to run the VACUUM operation on the games table:
ALL permissions
The following code example grants the roledeveloper_role with all permissions on the table games: