Starburst Galaxy

  • Starburst Galaxy Home
  • Get started
  • Get support
  •   Global features
  • Release notes
  • Feature release types

  • Starburst Galaxy UI
  •   Query
  •   Catalogs
  •   Catalog explorer
  •   Data products
  •   Clusters
  • Partner connect
  •   Admin
  •   Access control
  •   Cloud settings

  • Administration
  •   Security
  •   Single sign-on
  •   Troubleshooting
  • Galaxy status

  • Reference
  • API
  •   SQL
  •   Tutorials
  • Entities #

    The Starburst Galaxy access control system manages privileges to access all entities – roles, users, clusters, catalogs, schemas, tables, object storage locations, and functions.

    List #

    The following table lists all available types of entities and the associated privileges, that can be managed with SQL statements.

    Entity Description SQL privileges
    CLUSTER A single cluster specified by name. No SQL privileges. Configure USE_CLUSTER and START_STOP_CLUSTER with the user interface.
    CATALOG A single catalog specified by name. CREATE_SCHEMA
    ROLE A single role specified by name. No SQL privileges. Configured with the user interface.
    USER A single user specified by name. No SQL privileges. Configured with the user interface.
    SCHEMA A single schema specified by catalog name and schema name. CREATE_TABLE
    TABLE A single table specified by catalog name, schema name and table name. SELECT, INSERT, DELETE, UPDATE
    location A URI to the root of an object storage location. No SQL privileges. Create SQL as detailed the location privilege section.
    function A function to invoke as part of a SQL statement. No SQL privileges. Usage detailed in the function privilege section.

    Entities with No SQL privileges in the Privileges column can only be managed with the Starburst Galaxy UI, and not with SQL commands.

    Visibility #

    The visibility of an entity for a user is controlled by the following aspects:

    • Ownership of an entity, or any contained entity, provides visibility.
    • Grant of any privilege on an entity, or any contained entity, provides visibility.
    • A wildcard privilege for ownership to any privilege on an entity, provides visibility to existing matching entities and any future matching entities.
    • The MANAGE_SECURITY privilege provides full visibility to all entities.

    Visibility alone does not grant any access to an entity.