Entities #

The Starburst Galaxy access control system manages privileges to access all entities – roles, users, clusters, catalogs, schemas, tables, and object storage locations.

List #

The following table lists all available types of entities and the associated privileges, that can be managed with SQL statements.

Entity Description Privileges
CLUSTER A single cluster specified by name.
CATALOG A single catalog specified by name. CREATE_SCHEMA
ROLE A single role specified by name. None
USER A single user specified by name. None
SCHEMA A single schema specified by catalog name and schema name. CREATE_TABLE
TABLE A single table specified by catalog name, schema name and table name. SELECT, INSERT, DELETE, UPDATE
location A URI to the root of an object storage location. None

Entities with None in the Privileges column can only be managed with the Starburst Galaxy UI, and not with SQL commands.

Visibility #

The visibility of an entity for a user is controlled by the following aspects:

  • Ownership of an entity, or any contained entity, provides visibility.
  • Grant of any privilege on an entity, or any contained entity, provides visibility.
  • A wildcard privilege for ownership to any privilege on an entity, provides visibility to existing matching entities and any future matching entities.
  • The MANAGE_SECURITY privilege provides full visibility to all entities.

Visibility alone does not grant any access to an entity.