GRANT PRIVILEGES
Organization Privileges
Syntax
Description
Grants Organization privileges to one or more roles.
The current role requires one of the following privileges:
Ownership of Organization
MANAGE_GRANTS
privilege on OrganizationPrivilege granted to the current role
WITH GRANT OPTION
.
Arguments
CREATE_DATABASE
Allow Role to create Databases under the Organization.
CREATE_STORE
Allow Role to define Stores under the Organization.
CREATE_SCHEMA_REGISTRY
Allow Role to define Schema Registries under the Organization.
CREATE_DESCRIPTOR_SOURCE
Allow Role to upload Descriptor Sources to the Organization.
CREATE_FUNCTION_SOURCE
Allow Role to upload UDF and UDAF sources to the Organization.
CREATE_FUNCTION
Allow Role to define a new UDF or UDAF under the Organization. The Role will also require USAGE
privileges to the Function Source.
CREATE_QUERY
Allow Role to launch a new Query under the Organization. The Role will also additional privileges on Database, Schema, Relations and Stores in order to launch the Query.
MANAGE_MEMBERS
Allow Role to manage Roles, Invitations and Users.
MANAGE_GRANTS
Allow Role to manage all Privilege grants within the Organization.
ALL PRIVILEGES
Grants all the Privileges listed above to the Role.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Database Privileges
Description
Grants Database privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Database. The Role will also require additional privileges on Schema, and Relations in order to use them.
CREATE
Allow Role to create Schemas under the Database.
ALL PRIVILEGES
Grants all the Privileges listed above to the Role.
database_name
The name of the Database to granted privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Database Schema Privileges
Description
Grants Schema privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Schemas. The Role will also additional privileges on Relations in order to use them.
CREATE
Allow Role to create Relations under the Schema.
ALL PRIVILEGES
Grants all the Privileges listed above to the Role.
schema_name
The qualified name of the Schema to grant privileges on. This name can include a specific Database name to form a fully qualified name in the format of <database_name>.<schema_name>
, otherwise the current Database name in the session is used.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Store Privileges
Description
Grants Store privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Store.
store_name
The name of the Store to granted privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Descriptor Source Privileges
Description
Grants Descriptor Source privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Descriptor Source.
descriptor_source_name
The name of the Descriptor Source to granted privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Relation Privileges
Description
Grants Relation privileges to one or more roles.
Arguments
SELECT
Allow Role to create a Query and use the relation as a source.
INSERT
Allow Role to create a Query and use the relation as a sink.
relation_name
The name of the Relation to grant privileges on. Optionally, provide Database and Schema name for a fully qualified relation name in the format of [<database_name>.<schema_name>.]<relation_name>
, e.g. db1.public.pageviews
. Otherwise, the current Database and Schema will be used to identify the Relation.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Function Source Privileges
Description
Grants Function Source privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Function Source.
function_source_name
The name of the Function Source to granted privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Function Privileges
Description
Grants Function privileges to one or more roles.
Arguments
USAGE
Allow Role to list, and use the Function.
function_identifier
The name of the Function to grant privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Region Privileges
Description
Grants Region usage privileges to one or more roles.
By default, the public
Role is granted access to all the regions. A Role with the MANAGE_GRANTS
privilege can grant or revoke the Region USAGE
privilege from other roles.
Arguments
USAGE
Allow Role to list, and use the Region to create Stores and launch Queries.
region_name
The name of the Region to granted privileges on.
role_name [, ...]
One or more Roles to grant the privileges to.
WITH GRANT OPTION
Grants privileges that allow the Role to grant the same privileges to other Roles.
Example
Last updated