Starburst Galaxy
Access control basics

    The following pages in this section provide you with information about managing aspects of Starburst Galaxy such as access control and privileges.


    The access control system of Starburst Galaxy makes it easy to ensure that each user has the appropriate access rights to perform actions on entities in the system.

    Roles and privileges

    A role has a name and an optional description. A role can be granted privileges on entities such as clusters, catalogs, and tables. This provides fine-grained control that protects your data, and allows you to define just the right mix of allowed actions and access for each function in your organization.

    Ownership

    Ownership of entities is controlled with roles. This is often called a Discretionary Access Control (DAC) system, and the following aspects apply:

    • Every entity is owned by exactly one role: the owner role. Entities are not owned by users.
    • Ownership grants full control over the entity, including:
      • Updating (altering) the entity.
      • Deleting (dropping) the entity.
      • Granting, denying, or revoking privileges on the entity for any other role.
    • Full control operations are also available through indirect ownership via a role in the user’s active role set. Effectively the rights of ownership are inherited from child roles, just like other privileges.
    • Ownership can be transferred from one role to another with the following requirements:
      • The active role set must contain the current owner role.
      • The current user must have a grant to the new owner role. This ensures that a user cannot transfer an entity and lose access. If this is necessary for an entity, another user with both roles in the active role set must change the ownership.
    • The owner role is set from the current role when the object is created.
    • By default, a role that owns a catalog owns all the schemas and tables in that catalog. However, a user can change the ownership of a schema or table after creation as described in privileges basics.
    • Externally created schemas and tables are assigned the owner of the catalog as their owner role.

    Privileges, roles, and users

    Privileges and ownership for entities are granted to roles, never to users.

    A role can be granted to another role. That other role inherits all the privileges and ownership rights of the granted role.

    A role can be granted to a user. When the user assumes that role, the user gets all the privileges and ownership rights of the role.

    Session and current role

    When you are using Starburst Galaxy with your account directly in the user interface or with a client application, the following aspects apply:

    • You are identified as a specific user, and your usage is contained in a session.
    • A specific role is assigned and displayed under your user name in the user interface. This current role is tested for any privilege, and is the owner of any created entity. Only one role can be set as the current role.
    • The active role set determines all currently available and applicable privileges.
    • If no role is selected upon connection with a client tool or when logging into the user interface, a default role is used. This default role can be identical for all users, or configured specifically for each user.

    As a further security control, Starburst Galaxy invalidates the cookie associated with your login session after 24 hours. This ends every login session and forces the user to re-authenticate at least once per day.

    SQL management of roles

    You can use the following SQL commands to manage roles and grants:

    • CREATE ROLE
    • DENY
    • DROP ROLE
    • GRANT
    • GRANT ROLES
    • REVOKE
    • REVOKE ROLES
    • SET ROLE
    • SHOW GRANTS
    • SHOW ROLE GRANTS
    • SHOW ROLES

    See roles for example commands.

    The grants and ownership of entities are updated when a SQL command is executed, or changes are made in the user interface.
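    The following script is an added example, not taken from the Starburst Galaxy documentation or its example pages. It walks through the role model described above using the commands listed: roles as the only grantees, the current role becoming the owner of a newly created entity, role-to-role inheritance, an explicit denial, and the SHOW commands used to verify the result. The catalog `sales_catalog`, the schema and table, the role names, and the user e-mail addresses are assumptions chosen for illustration; the syntax follows the Trino SQL dialect on which Galaxy is built, and it assumes the catalog is writable.

```sql
-- Added example: a small role hierarchy in Starburst Galaxy.
-- All object, role, and user names below are assumptions for illustration.

-- 1. Create the roles. Privileges are granted to roles, never to users.
CREATE ROLE data_owner;   -- will own the schema and table it creates
CREATE ROLE analyst;      -- read-only consumer of the reporting data
CREATE ROLE intern;       -- inherits from analyst, with one explicit denial

-- 2. The owner of a new entity is the current role at creation time,
--    so switch to the intended owner role before creating anything.
SET ROLE data_owner;
CREATE SCHEMA sales_catalog.reporting;
CREATE TABLE sales_catalog.reporting.orders (
    order_id BIGINT,
    customer VARCHAR,
    amount   DECIMAL(12, 2)
);
CREATE TABLE sales_catalog.reporting.customer_pii (
    customer VARCHAR,
    email    VARCHAR
);

-- 3. As owner, data_owner can grant privileges on its entities to other roles.
--    Only the privilege each function needs is granted (least privilege).
GRANT SELECT ON TABLE sales_catalog.reporting.orders       TO ROLE analyst;
GRANT SELECT ON TABLE sales_catalog.reporting.customer_pii TO ROLE analyst;

-- 4. Role-to-role grant: intern inherits every privilege held by analyst.
GRANT analyst TO ROLE intern;

-- 5. Record an explicit denial for intern on the sensitive table. The denial
--    is attached to intern only; analyst is unaffected. Confirm the effective
--    access with SHOW GRANTS after making the change.
DENY SELECT ON TABLE sales_catalog.reporting.customer_pii TO ROLE intern;

-- 6. Grant roles to users. Galaxy identifies users by e-mail address
--    (assumed here), so the identifiers are quoted.
GRANT analyst TO USER "alice@example.com";
GRANT intern  TO USER "bob@example.com";

-- 7. Verify the configuration. These statements read the catalog of grants
--    and are safe to run at any time.
SHOW ROLES;                                            -- every role defined
SHOW ROLE GRANTS;                                      -- roles granted to the current user
SHOW GRANTS ON TABLE sales_catalog.reporting.orders;   -- privileges on one table
SHOW GRANTS ON TABLE sales_catalog.reporting.customer_pii;

-- 8. Tighten later: remove the inheritance, the read grant, and the role.
REVOKE analyst FROM ROLE intern;
REVOKE SELECT ON TABLE sales_catalog.reporting.customer_pii FROM ROLE analyst;
DROP ROLE intern;
```

    Run the script as a user whose active role set includes a role allowed to create roles, and note step 2: if you forget the `SET ROLE` before `CREATE SCHEMA`, the schema is owned by whatever your current role happens to be, and a later grant from `data_owner` fails because it is not the owner.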