Access control - Roles and privileges

The Roles and privileges section displays a list of all of the roles in the active role set of the user’s current role. A role has a collection of privileges. Users are assigned one or more roles.

Create a role

Use the Create role button to create additional roles. A role consists only of a name and a description. Once created, it is displayed in the list of roles, and you can proceed to add privileges to the role.

Delete or update a role

Use the edit icon on the left of each row to edit or delete the role. Predefined roles may not be deleted.

Viewing a role’s privileges

You can use the Privileges button to view the role’s privileges, or add privileges. If the role has privileges that are directly granted to the role, they are displayed first, and then the privileges inherited from other roles in the active role set of the role are displayed.

Add privileges

When viewing a role’s privileges, the Add privilege button displays a dialog to grant privileges to the user’s current role:

  • You first select the kind of entity: account, cluster, catalog, user, role, schema or table.
  • By default, new privileges allow access rights, but you can click the deny switch to create a deny privilege.
  • If the entity kind is not ACCOUNT, the next step is selecting the specific entity to which the privilege should apply. For privileges granted on tables and schemas, the name of the entity can represent a wildcard.
  • The last step is selecting the privileges on the entity to grant to the current role, and clicking the Add privileges button to save the privilege grants.

Delete privileges

When viewing a role’s privileges, click the delete icon beside a privilege to remove the privilege from the role. The delete icon is disabled if the privilege was predefined at account creation time. Inherited privileges may not be deleted or modified in this dialog. To remove an inherited privilege, select the role that owns the privilege on the roles page.

Assign a role

The Assign button is used to assign the role to other roles and users.