Manage roles

This page outlines how to create and manage roles in Materialize.

Create a role

To create a new role, use the CREATE ROLE statement:

CREATE ROLE <role_name> WITH <role_attribute>;

Materialize roles have the following available attributes:

Name Description
INHERIT Read-only. Can inherit privileges of other roles.

Alter a role’s attributes

To change a role’s attributes, use the ALTER ROLE statement:


Grant a role to a user

To grant a role assignment to a user, use the GRANT statement:

GRANT <role_name> to <user_name>;

Remove a user from a role

To remove a user from a role, use the REVOKE statement:

REVOKE <role_name> FROM <user_name>;

Drop a role

To remove a role, use the DROP ROLE statement:

DROP ROLE <role_name>;

Builtin roles

Certain internal objects may only be queried by superusers or by users belonging to a particular builtin role, which superusers may grant. These include the following:

Name Description
mz_monitor Grants access to objects that reveal actions taken by other users, in particular, SQL statements they have issued. Includes mz_recent_activity_log and mz_notices.
mz_monitor_redacted Grants access to objects that reveal less sensitive information about actions taken by other users, for example, SQL statements they have issued with constant values redacted. Includes mz_recent_activity_log_redacted, mz_notices_redacted, and mz_statement_lifecycle_history.
Back to top ↑