SQL entity kinds and privileges#
This table lists the privileges for all Galaxy entity kinds. All of these privileges may be granted, denied and revoked using SQL as well as the UI. See GRANT privilege, DENY, REVOKE privilege and SHOW GRANTS.
Entity kind | Entity name | Privileges |
---|---|---|
ACCOUNT |
An account privilege is specified by MY ACCOUNT .
|
APPLY_TAG ,
CANCEL_QUERY ,
CREATE_CATALOG ,
CREATE_CLUSTER ,
CREATE_FUNCTION ,
CREATE_ROLE ,
CREATE_TAG ,
CREATE_USER ,
DOWNLOAD_QUERY_RESULTS ,
GENERATIVE_AI_FEATURES ,
MANAGE_ACCOUNT_WORK ,
MANAGE_BILLING ,
MANAGE_INGEST_STREAMS ,
MANAGE_NOTIFICATIONS ,
MANAGE_OAUTH_CLIENT ,
MANAGE_QUERY_ROUTING_RULES ,
MANAGE_SECURITY ,
MANAGE_SERVICE_ACCOUNT ,
MANAGE_SERVICE_ACCOUNT_TOKEN ,
MANAGE_SSO ,
SSO_USER_PASSWORD_LOGIN ,
VIEW_ALL_DATA_LINEAGE ,
VIEW_ALL_QUERY_HISTORY ,
VIEW_AUDIT_LOG ,
VIEW_PUBLIC_OAUTH_CLIENT
|
CLUSTER |
A single cluster specified by name. | USE_CLUSTER ,
ENABLE_DISABLE_CLUSTER ,
MONITOR_CLUSTER
|
CATALOG |
A single catalog specified by name. | CREATE_SCHEMA |
SCHEMA |
A single schema specified by catalog name and schema name. | CREATE_TABLE |
TABLE |
A single table specified by catalog name, schema name and table name. | SELECT ,
INSERT ,
DELETE ,
UPDATE
|
LOCATION |
A URI to the root of an object storage location. | CREATE_SQL as
detailed the location privilege
section. |
FUNCTION |
A function to invoke as part of a SQL statement. | EXECUTE Usage
detailed in the function privilege section. |