Appendix: Built-in roles
Public role
All roles in Materialize are automatically members of PUBLIC. As such, every role includes inherited privileges from PUBLIC.
By default, the PUBLIC role has the following privileges:
Privilege | Description | On database object(s) |
---|---|---|
USAGE | Permission to use or reference an object. | |
Object(s) | Object owner | Default Privilege | Granted to | Description |
---|---|---|---|---|
TYPE | PUBLIC | USAGE | PUBLIC | When a data type is created (regardless of the owner), all roles are granted the USAGE privilege. However, to use a data type, the role must also have USAGE privilege on the schema containing the type. |
Default privileges apply only to objects created after these privileges are defined. They do not affect objects that were created before the default privileges were set.
You can modify the privileges of your organization’s PUBLIC role as well as define the default privileges for PUBLIC.
System catalog roles
Certain internal objects may only be queried by superusers or by users belonging to a particular built-in role, which superusers may grant. These include the following:
Name | Description |
---|---|
mz_monitor | Grants access to objects that reveal actions taken by other users, in particular, SQL statements they have issued. Includes mz_recent_activity_log and mz_notices. |
mz_monitor_redacted | Grants access to objects that reveal less sensitive information about actions taken by other users, for example, SQL statements they have issued with constant values redacted. Includes mz_recent_activity_log_redacted, mz_notices_redacted, and mz_statement_lifecycle_history. |
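The following is an added example, not part of the original documentation, showing how a superuser might apply the two sections above with least privilege in mind. The role name observability_ro is hypothetical, and the final statement reflects an assumed policy choice rather than a recommendation from this page.

```sql
-- Hypothetical role for a monitoring or audit service account.
CREATE ROLE observability_ro;

-- Least privilege: mz_monitor_redacted exposes other users' statements with
-- constant values redacted. Grant mz_monitor only when full SQL text is needed.
GRANT mz_monitor_redacted TO observability_ro;

-- Review the membership just granted.
SHOW ROLE MEMBERSHIP FOR observability_ro;

-- Review the default privileges in effect, including USAGE on TYPE for PUBLIC.
SHOW DEFAULT PRIVILEGES;

-- Assumed policy choice: stop granting USAGE on newly created types to PUBLIC.
-- This affects only types created after the change; existing types keep
-- whatever privileges they already have.
ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE USAGE ON TYPES FROM PUBLIC;
```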