Skip to main content
In Firebolt, a table is a structured data object within a database, composed of rows and columns. Tables are the foundational units for organizing, querying, and managing data in your Firebolt data warehouse. Table-level permissions allow roles to perform actions such as selecting, modifying, or managing data within specific tables.
To perform actions on a table, roles must also have USAGE permissions on both the parent schema and the parent database of the table.

Table-level privileges

To grant permissions across all tables in a schema, use schema-level privileges. For example, privileges like SELECT ANY, INSERT ANY, or DELETE ANY at the schema level will apply to all current and future tables within that schema.

Indexes

In Firebolt, indexes can be used to accelerate query performance. An aggregating index accelerates queries involving aggregate functions on large tables. A [vector search index] allows to quickly find vectors that are similar (i.e., in close distance) to a query vector. To create or drop an index, a role must have the following permissions:
  • MODIFY permission on the table.
  • CREATE permission on the parent schema.
  • USAGE permission on the parent schema.
  • USAGE permission on the parent database.
To drop an index, the role requires:
  • MODIFY permission on the table.
  • USAGE permission on the parent schema.
  • USAGE permission on the parent database.

Examples of modifying table permissions

The following example use GRANT to grant permissions. You can also replace GRANT with REVOKE in any of the examples to remove any granted privileges.

SELECT permission

The following code example grants the role developer_role permission to read data from the games table:
You can also grant SELECT on specific columns only. The following example restricts the role to reading only the name and score columns:
For more information, see Column-level security.

INSERT permission

The following code example gives the role developer_role permissions to insert rows into the games table:

MODIFY permission

The following code example grants the role developer_role permission to alter or drop the games table:

DELETE permission

The following code example gives the role developer_role permission to delete rows or partitions from the games table:

UPDATE permission

The following code example grants the role developer_role permission to update rows in the games table:

TRUNCATE permission

The following code example gives the role developer_role permission to truncate the games table, removing all rows:

VACUUM permission

The following code example grants the role developer_role permission to run the VACUUM operation on the games table:

ALL permissions

The following code example grants the role developer_role with all permissions on the table games:

Considerations

  • Use the REVOKE statement to remove any granted privileges. Replace GRANT with REVOKE in the examples above.
  • Table-level permissions apply only to the specified table. For broader control, consider granting schema-level privileges.
  • SELECT can be scoped to individual columns using column-level security. A role with table-level SELECT can read all columns regardless of any column-scoped grants.