# Appendix: Privileges List of available privileges in Materialize. > **Note:** Various SQL operations require additional privileges on related objects, such > as: > - For objects that use compute resources (e.g., indexes, materialized views, > replicas, sources, sinks), access is also required for the associated cluster. > - For objects in a schema, access is also required for the schema. > For details on SQL operations and needed privileges, see [Appendix: Privileges > by command](/security/appendix/appendix-command-privileges/). The following privileges are available in Materialize: **By Privilege:** | Privilege | Description | Abbreviation | Applies to | | --- | --- | --- | --- | | SELECT | Permission to read rows from an object. | r | | | INSERT | Permission to insert rows into an object. | a | | | UPDATE |

Permission to modify rows in an object.

Modifying rows may also require SELECT if a read is needed to determine which rows to update.

| w | | | DELETE |

Permission to delete rows from an object.

Deleting rows may also require SELECT if a read is needed to determine which rows to delete.

| d | | | CREATE | Permission to create a new objects within the specified object. | C | | | USAGE | Permission to use or reference an object (e.g., schema/type lookup). | U | | | CREATEROLE |

Permission to create/modify/delete roles and manage role memberships for any role in the system.

> **Warning:** Roles with the `CREATEROLE` privilege can obtain the privileges of any other > role in the system by granting themselves that role. Avoid granting > `CREATEROLE` unnecessarily. | R | | | CREATEDB | Permission to create new databases. | B | | | CREATECLUSTER | Permission to create new clusters. | N | | | CREATENETWORKPOLICY | Permission to create network policies to control access at the network layer. | P | | **By Object:** | Object | Privileges | | --- | --- | | CLUSTER | | | CONNECTION | | | DATABASE | | | MATERIALIZED VIEW | | | SCHEMA | | | SECRET | | | SOURCE | | | SYSTEM | | | TABLE | | | TYPE | | | VIEW | |