There are two categories of privileges:
- Privileges associated with the account and not a specific entity in the account. These include privileges to create new new global entities, such as clusters and catalogs, and to manage security for all entities.
- Privileges that grant rights to a single entity. These privileges are called entity privileges. The only current entity privileges are rights to use or operate a CLUSTER.
Account privileges #
|MANAGE_SECURITY||MANAGE_SECURITY is the encompassing privilege for security management. It allows you to grant or revoke any privilege or role on any entity. It can grant these to itself, and can also create, update or delete any user or any role.|
|CREATE_CLUSTER||Create a new cluster. Does not convey the right to modify, stop or start any cluster.|
|CREATE_CATALOG||Create a new catalog. Does not convey the right to use, modify or delete any catalog.|
|CREATE_ROLE||Create a new role. Does not convey the right to grant, modify or delete any role.|
|CREATE_USER||Create a new user. Does not convey the right to modify or delete any user, nor to grant or revoke roles to the user.|
|VIEW_AUDIT_LOG||View the Audit log page.|
|MANAGE_BILLING||View usage and billing and update account profile.|
Cluster privileges #
|START_STOP_CLUSTER||Start or stop the cluster.|
|USE_CLUSTER||View and run queries against the cluster. Does not convey the right to modify, stop or start the cluster.|
Is the information on this page helpful?