The Starburst Galaxy access control system manages privileges to access all entities – roles, users, clusters, catalogs, schemas, tables, object storage locations, and functions.
The following table lists all available types of entities and the associated privileges, that can be managed with SQL statements.
|CLUSTER||A single cluster specified by name.||No SQL privileges. Configure USE_CLUSTER and START_STOP_CLUSTER with the user interface.|
|CATALOG||A single catalog specified by name.||CREATE_SCHEMA|
|ROLE||A single role specified by name.||No SQL privileges. Configured with the user interface.|
|USER||A single user specified by name.||No SQL privileges. Configured with the user interface.|
|SCHEMA||A single schema specified by catalog name and schema name.||CREATE_TABLE|
|TABLE||A single table specified by catalog name, schema name and table name.||SELECT, INSERT, DELETE, UPDATE|
|location||A URI to the root of an object storage location.||No SQL privileges.
|function||A function to invoke as part of a SQL statement.||No SQL privileges. Usage detailed in the function privilege section.|
No SQL privileges in the Privileges column can only be managed
with the Starburst Galaxy UI, and not with SQL commands.
The visibility of an entity for a user is controlled by the following aspects:
- Ownership of an entity, or any contained entity, provides visibility.
- Grant of any privilege on an entity, or any contained entity, provides visibility.
- A wildcard privilege for ownership to any privilege on an entity, provides visibility to existing matching entities and any future matching entities.
- The MANAGE_SECURITY privilege provides full visibility to all entities.
Visibility alone does not grant any access to an entity.
Is the information on this page helpful?