Appendix: Privileges

NOTE:

Various SQL operations require additional privileges on related objects, such as:

For objects that use compute resources (e.g., indexes, materialized views, replicas, sources, sinks), access is also required for the associated cluster.
For objects in a schema, access is also required for the schema.

For details on SQL operations and needed privileges, see Appendix: Privileges by command.

The following privileges are available in Materialize:

Privilege	Description	Abbreviation	Applies to
SELECT	Permission to read rows from an object.	`r`	`MATERIALIZED VIEW` `SOURCE` `TABLE` `VIEW`
INSERT	Permission to insert rows into an object.	`a`	`TABLE`
UPDATE	Permission to modify rows in an object. Modifying rows may also require SELECT if a read is needed to determine which rows to update.	`w`	`TABLE`
DELETE	Permission to delete rows from an object. Deleting rows may also require SELECT if a read is needed to determine which rows to delete.	`d`	`TABLE`
CREATE	Permission to create a new objects within the specified object.	`C`	`DATABASE` `SCHEMA` `CLUSTER`
USAGE	Permission to use or reference an object (e.g., schema/type lookup).	`U`	`CLUSTER` `CONNECTION` `DATABASE` `SCHEMA` `SECRET` `TYPE`
CREATEROLE	Permission to create/modify/delete roles and manage role memberships for any role in the system. WARNING!	`R`	`SYSTEM`
CREATEDB	Permission to create new databases.	`B`	`SYSTEM`
CREATECLUSTER	Permission to create new clusters.	`N`	`SYSTEM`
CREATENETWORKPOLICY	Permission to create network policies to control access at the network layer.	`P`	`SYSTEM`

Object	Privileges
`CLUSTER`	`USAGE` `CREATE`
`CONNECTION`	`USAGE`
`DATABASE`	`USAGE` `CREATE`
`MATERIALIZED VIEW`	`SELECT`
`SCHEMA`	`USAGE` `CREATE`
`SECRET`	`USAGE`
`SOURCE`	`SELECT`
`SYSTEM`	`CREATEROLE` `CREATEDB` `CREATECLUSTER`
`TABLE`	`INSERT` `SELECT` `UPDATE` `DELETE`
`TYPE`	`USAGE`
`VIEW`	`SELECT`

Back to top ↑