Home  /  Manage Materialize  /  Access control (Role-based)

Appendix: Privileges

NOTE:

Various SQL operations require additional privileges on related objects, such as:

  • For objects that use compute resources (e.g., indexes, materialized views, replicas, sources, sinks), access is also required for the associated cluster.

  • For objects in a schema, access is also required for the schema.

For details on SQL operations and needed privileges, see Appendix: Privileges by command.

The following privileges are available in Materialize:

    Privilege Description Abbreviation Applies to
    SELECT Permission to read rows from an object. r
    • MATERIALIZED VIEW
    • SOURCE
    • TABLE
    • VIEW
    INSERT Permission to insert rows into an object. a
    • TABLE
    UPDATE

    Permission to modify rows in an object.

    Modifying rows may also require SELECT if a read is needed to determine which rows to update.

    		 w
    • TABLE
    DELETE

    Permission to delete rows from an object.

    Deleting rows may also require SELECT if a read is needed to determine which rows to delete.

    		 d
    • TABLE
    CREATE Permission to create a new objects within the specified object. C
    • DATABASE
    • SCHEMA
    • CLUSTER
    USAGE Permission to use or reference an object (e.g., schema/type lookup). U
    • CLUSTER
    • CONNECTION
    • DATABASE
    • SCHEMA
    • SECRET
    • TYPE
    CREATEROLE

    Permission to create/modify/delete roles and manage role memberships for any role in the system.

    WARNING! Roles with the CREATEROLE privilege can obtain the privileges of any other role in the system by granting themselves that role. Avoid granting CREATEROLE unnecessarily.
    		R
    • SYSTEM
    CREATEDB Permission to create new databases. B
    • SYSTEM
    CREATECLUSTER Permission to create new clusters. N
    • SYSTEM
    CREATENETWORKPOLICY Permission to create network policies to control access at the network layer. P
    • SYSTEM
    Object Privileges
    CLUSTER
    • USAGE
    • CREATE
    CONNECTION
    • USAGE
    DATABASE
    • USAGE
    • CREATE
    MATERIALIZED VIEW
    • SELECT
    SCHEMA
    • USAGE
    • CREATE
    SECRET
    • USAGE
    SOURCE
    • SELECT
    SYSTEM
    • CREATEROLE
    • CREATEDB
    • CREATECLUSTER
    TABLE
    • INSERT
    • SELECT
    • UPDATE
    • DELETE
    TYPE
    • USAGE
    VIEW
    • SELECT
    Back to top ↑