Various SQL operations require additional privileges on related objects, such
as:

- For objects that use compute resources (e.g., indexes, materialized views,
  replicas, sources, sinks), access is also required for the associated cluster.
- For objects in a schema, access is also required for the schema.

The following privileges are available in Materialize:

| Privilege | Description | Abbreviation | Applies to |
|---|---|---|---|
| SELECT | Permission to read rows from an object. | r | MATERIALIZED VIEW, SOURCE, TABLE, VIEW |
| INSERT | Permission to insert rows into an object. | a | TABLE |
| UPDATE | Permission to modify rows in an object. Modifying rows may also require SELECT if a read is needed to determine which rows to update. | w | TABLE |
| DELETE | Permission to delete rows from an object. Deleting rows may also require SELECT if a read is needed to determine which rows to delete. | d | TABLE |
| CREATE | Permission to create new objects within the specified object. | C | DATABASE, SCHEMA, CLUSTER |
| USAGE | Permission to use or reference an object (e.g., schema/type lookup). | U | CLUSTER, CONNECTION, DATABASE, SCHEMA, SECRET, TYPE |
| CREATEROLE | Permission to create/modify/delete roles and manage role memberships for any role in the system. WARNING! Roles with the CREATEROLE privilege can obtain the privileges of any other role in the system by granting themselves that role. Avoid granting CREATEROLE unnecessarily. | R | SYSTEM |
| CREATEDB | Permission to create new databases. | B | SYSTEM |
| CREATECLUSTER | Permission to create new clusters. | N | SYSTEM |
| CREATENETWORKPOLICY | Permission to create network policies to control access at the network layer. | | |
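
An added example (not from the Materialize documentation) that decodes the privilege abbreviations listed above and reports which roles hold CREATEROLE, the privilege the warning singles out. The `grantee=letters/grantor` entry layout, the role names and the sample ACL strings are assumptions constructed for this example.

```python
import re

# Abbreviations exactly as listed in the privilege table on this page.
ABBREVIATIONS = {
    "r": "SELECT", "a": "INSERT", "w": "UPDATE", "d": "DELETE",
    "C": "CREATE", "U": "USAGE",
    "R": "CREATEROLE", "B": "CREATEDB", "N": "CREATECLUSTER",
}
# Privileges the table lists as applying to SYSTEM.
SYSTEM_LEVEL = {"CREATEROLE", "CREATEDB", "CREATECLUSTER"}

# Assumed entry layout: grantee=letters/grantor (empty grantee = PUBLIC).
ACL_ENTRY = re.compile(r"^(?P<grantee>[^=/]*)=(?P<letters>[A-Za-z]*)/(?P<grantor>[^=/]+)$")

def decode_acl(acl_text):
    """Turn '{a=rw/b,c=U/b}' into a list of decoded grant dicts."""
    body = acl_text.strip().strip("{}")
    grants = []
    for entry in filter(None, (e.strip() for e in body.split(","))):
        m = ACL_ENTRY.match(entry)
        if m is None:
            raise ValueError(f"malformed ACL entry: {entry!r}")
        # Letters not in the table are kept visible rather than dropped.
        privs = [ABBREVIATIONS.get(c, f"unknown({c})") for c in m["letters"]]
        grants.append({"grantee": m["grantee"] or "PUBLIC",
                       "grantor": m["grantor"], "privileges": privs})
    return grants

def createrole_holders(grants):
    """Grantees holding CREATEROLE, which the page warns can reach any role."""
    return sorted({g["grantee"] for g in grants if "CREATEROLE" in g["privileges"]})

def system_level_grants(grants):
    """Map each grantee to the SYSTEM-scoped privileges it holds."""
    out = {}
    for g in grants:
        held = SYSTEM_LEVEL.intersection(g["privileges"])
        if held:
            out.setdefault(g["grantee"], set()).update(held)
    return {grantee: sorted(privs) for grantee, privs in out.items()}

# Constructed sample ACLs (role names are made up for this example).
SAMPLE_SYSTEM_ACL = "{admin=RBN/mz_system,deployer=BN/mz_system,ci_bot=R/admin}"
SAMPLE_TABLE_ACL = "{analyst=r/owner,etl=arwd/owner,=r/owner}"

if __name__ == "__main__":
    print("CREATEROLE holders:", createrole_holders(decode_acl(SAMPLE_SYSTEM_ACL)))
```

Any role that `createrole_holders` returns should be reviewed as if it held every other role's privileges, since it can grant itself those roles.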