Starburst Documentation
Starburst Galaxy
  •  Get started
  •  Working with data
  •  Data engineering
  •  Developer tools
  •  Cluster administration
  •  Security and compliance
  •  Troubleshooting
  • Galaxy status
  •  Reference

    • starburst galaxy > reference > access control > SQL privileges

    SQL privileges #

    The Starburst Galaxy access control system manages privileges to access all entities – roles, users, clusters, catalogs, schemas, tables, views, columns, object storage locations, functions, and SQL routines.

    The privileges of all Galaxy entities can be managed with SQL commands as well as the Galaxy UI. The entity kind and the name of the entity must be supplied in the GRANT, DENY or REVOKE statement. The SQL to grant privilege CREATE_SCHEMA on catalog my_catalog to role data_reader without grant option is:

    GRANT CREATE_SCHEMA ON CATALOG my_catalog TO ROLE data_reader;

    In this example CATALOG is the entity kind, my_catalog is the entity name and data_reader is the role receiving the grant.

    To grant privilege USE_CLUSTER on cluster demo_cluster to role data_user, say:

    GRANT USE_CLUSTER ON CLUSTER demo_cluster TO ROLE data_user;

    See the documentation for GRANT privilege, DENY, and REVOKE for details.

    Entity kind Entity name Privileges
    ACCOUNT An account privilege is specified by MY ACCOUNT The many account-level privileges are detailed in the account privileges section
    CLUSTER A single cluster specified by name. USE_CLUSTER, ENABLE_DISABLE_CLUSTER and MONITOR_CLUSTER. Cluster privileges are described in the cluster privilege section.
    CATALOG A single catalog specified by name. CREATE_SCHEMA, as detailed in the catalog privilege section.
    SCHEMA A single schema specified by catalog name and schema name. CREATE_TABLE, as detailed in the schema privilege section.
    TABLE A single table specified by catalog name, schema name and table name. SELECT, INSERT, DELETE, UPDATE, as detailed in the table privilege section.
    LOCATION A URI to the root of an object storage location. CREATE_SQL as detailed in the location privilege section.
    FUNCTION A function to invoke as part of a SQL statement. EXECUTE as detailed in the function privilege section.