Privileges

A privilege applies to an entity and provides the right to perform specific actions. The following sections describe these privileges as they relate to security, catalogs and clusters.

There are two categories of privileges:

  1. Privileges associated with the account and not a specific entity in the account. These include privileges to create new global entities, such as clusters and catalogs, and to manage security for all entities.
  2. Privileges that grant rights to a single entity. These privileges are called entity privileges. The only current entity privileges are rights to use or operate a CLUSTER.

Account privileges

| Privilege | Description |
|---|---|
| MANAGE_SECURITY | MANAGE_SECURITY is the encompassing privilege for security management. It allows you to grant or revoke any privilege or role on any entity. It can grant these to itself, and can also create, update or delete any user or any role. |
| CREATE_CLUSTER | Create a new cluster. Does not convey the right to modify, stop or start any cluster. |
| CREATE_CATALOG | Create a new catalog. Does not convey the right to use, modify or delete any catalog. |
| CREATE_ROLE | Create a new role. Does not convey the right to grant, modify or delete any role. |
| CREATE_USER | Create a new user. Does not convey the right to modify or delete any user, nor to grant roles to or revoke roles from the user. |
| VIEW_AUDIT_LOG | View the Audit log page. |
| MANAGE_BILLING | View usage and billing and update account profile. |

Cluster privileges

| Privilege | Description |
|---|---|
| START_STOP_CLUSTER | Start or stop the cluster. |
| USE_CLUSTER | View and run queries against the cluster. Does not convey the right to modify, stop or start the cluster. |
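
The following is an added example, not code from the product or its documentation: a small Python model of the rules above for use in an access review. The role names, cluster name and the `(role, privilege, entity)` grant layout are constructed assumptions. It checks that each grant has the right scope, that no privilege implies another, and it lists roles holding MANAGE_SECURITY, which can grant themselves anything.

```python
# Added example: toy model of the privilege rules on this page, not product code.
# Role names, the cluster name and the grant-tuple layout are constructed.
ACCOUNT = {"MANAGE_SECURITY", "CREATE_CLUSTER", "CREATE_CATALOG", "CREATE_ROLE",
           "CREATE_USER", "VIEW_AUDIT_LOG", "MANAGE_BILLING"}
CLUSTER = {"START_STOP_CLUSTER", "USE_CLUSTER"}

# (role, privilege, entity); entity is None for account privileges.
GRANTS = [
    ("platform_admin", "MANAGE_SECURITY", None),
    ("provisioner", "CREATE_CLUSTER", None),
    ("analyst", "USE_CLUSTER", "etl-cluster"),
    ("operator", "START_STOP_CLUSTER", "etl-cluster"),
    ("operator", "USE_CLUSTER", None),              # malformed: no cluster named
    ("analyst", "CREATE_CLUSTER", "etl-cluster"),   # malformed: account privilege on an entity
]


def malformed(grants):
    """Return grants whose scope does not match the privilege category."""
    bad = []
    for role, priv, entity in grants:
        account_ok = priv in ACCOUNT and entity is None
        cluster_ok = priv in CLUSTER and entity is not None
        if not (account_ok or cluster_ok):   # also catches unknown privilege names
            bad.append((role, priv, entity))
    return bad


def is_allowed(grants, role, priv, entity=None):
    """Exact-match check: holding one privilege never implies another."""
    valid = set(grants) - set(malformed(grants))
    return (role, priv, entity) in valid


def can_grant_itself_anything(grants):
    """Roles holding MANAGE_SECURITY; review these as holding every privilege."""
    valid = set(grants) - set(malformed(grants))
    return sorted({role for role, priv, _ in valid if priv == "MANAGE_SECURITY"})


if __name__ == "__main__":
    print("malformed grants:", malformed(GRANTS))
    print("effective security admins:", can_grant_itself_anything(GRANTS))
    print("provisioner may start etl-cluster:",
          is_allowed(GRANTS, "provisioner", "START_STOP_CLUSTER", "etl-cluster"))
```
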