Skip to main content
Location permissions in Firebolt control who can modify, and use LOCATION objects. These permissions are managed through Firebolt’s Role-Based Access Control (RBAC) system. For account-level location permissions, see Account permissions. The following table outlines the privileges that can be granted for managing locations within a particular account:

Secret management

Location permissions provide a secure way to manage access to sensitive credentials. When a role has USAGE permission on a location:
  • The role can use the location’s credentials to access external data sources
  • The role cannot view or extract the actual credentials stored in the location
  • The credentials remain hidden in all system views and logs
This separation between usage and visibility ensures that sensitive credentials are protected while still allowing authorized roles to access the data they need.

Examples of granting location permissions

The following code examples show how to grant various location-related permissions:

MODIFY permission

The following code example grants role my_role permission to modify the loc location:

USAGE permission

The following code example grants role my_role permission to use the loc location:

Additional location permissions example