SQL entity kinds and privileges#

This table lists the privileges for all Galaxy entity kinds. All of these privileges may be granted, denied and revoked using SQL as well as the UI. See GRANT privilege, DENY, REVOKE privilege and SHOW GRANTS.

Entity kind Entity name Privileges
ACCOUNT An account privilege is specified by MY ACCOUNT. APPLY_TAG, CANCEL_QUERY, CREATE_CATALOG, CREATE_CLUSTER, CREATE_FUNCTION, CREATE_ROLE, CREATE_TAG, CREATE_USER, DOWNLOAD_QUERY_RESULTS, GENERATIVE_AI_FEATURES, MANAGE_ACCOUNT_WORK, MANAGE_BILLING, MANAGE_INGEST_STREAMS, MANAGE_NOTIFICATIONS, MANAGE_OAUTH_CLIENT, MANAGE_QUERY_ROUTING_RULES, MANAGE_SECURITY, MANAGE_SERVICE_ACCOUNT, MANAGE_SERVICE_ACCOUNT_TOKEN, MANAGE_SSO, SSO_USER_PASSWORD_LOGIN, VIEW_ALL_DATA_LINEAGE, VIEW_ALL_QUERY_HISTORY, VIEW_AUDIT_LOG, VIEW_PUBLIC_OAUTH_CLIENT
CLUSTER A single cluster specified by name. USE_CLUSTER, ENABLE_DISABLE_CLUSTER, MONITOR_CLUSTER
CATALOG A single catalog specified by name. CREATE_SCHEMA
SCHEMA A single schema specified by catalog name and schema name. CREATE_TABLE
TABLE A single table specified by catalog name, schema name and table name. SELECT, INSERT, DELETE, UPDATE
LOCATION A URI to the root of an object storage location. CREATE_SQL as detailed the location privilege section.
FUNCTION A function to invoke as part of a SQL statement. EXECUTE Usage detailed in the function privilege section.