Manage roles
This page outlines how to create and manage roles in Materialize.
Create a role
To create a new role, use the CREATE ROLE statement:
CREATE ROLE <role_name> WITH <role_attribute>;
Materialize roles have the following available attributes:
| Name | Description |
|---|---|
INHERIT |
Read-only. Can inherit privileges of other roles. |
Alter a role’s attributes
To change a role’s attributes, use the ALTER ROLE statement:
ALTER ROLE <role_name> WITH <ATTRIBUTE>;
Grant a role to a user
To grant a role assignment to a user, use the GRANT statement:
GRANT <role_name> to <user_name>;
Remove a user from a role
To remove a user from a role, use the REVOKE statement:
REVOKE <role_name> FROM <user_name>;
Drop a role
To remove a role, use the DROP ROLE statement:
DROP ROLE <role_name>;
Builtin roles
Certain internal objects may only be queried by superusers or by users belonging to a particular builtin role, which superusers may grant. These include the following:
| Name | Description |
|---|---|
mz_monitor |
Grants access to objects that reveal actions taken by other users, in particular, SQL statements they have issued. Includes mz_recent_activity_log and mz_notices. |
mz_monitor_redacted |
Grants access to objects that reveal less sensitive information about actions taken by other users, for example, SQL statements they have issued with constant values redacted. Includes mz_recent_activity_log_redacted, mz_notices_redacted, and mz_statement_lifecycle_history. |