Appendix: Built-in roles

`Public` role

{{% include-headless "/headless/rbac-cloud/db-roles-public-membership" %}}

{{% include-headless "/headless/rbac-cloud/public-role-privileges" %}}

You can modify the privileges of your organization's PUBLIC role as well as the define default privileges for PUBLIC.

System catalog roles

Certain internal objects may only be queried by superusers or by users belonging to a particular builtin role, which superusers may grant. These include the following:

Name	Description
`mz_monitor`	Grants access to objects that reveal actions taken by other users, in particular, SQL statements they have issued. Includes `mz_recent_activity_log` and `mz_notices`.
`mz_monitor_redacted`	Grants access to objects that reveal less sensitive information about actions taken by other users, for example, SQL statements they have issued with constant values redacted. Includes `mz_recent_activity_log_redacted`, `mz_notices_redacted`, and `mz_statement_lifecycle_history`.

Public role

System catalog roles

`Public` role