2020-04-03 13:23:32 +00:00
---
2022-08-28 14:53:34 +00:00
slug: /en/operations/settings/permissions-for-queries
2022-04-09 13:29:05 +00:00
sidebar_position: 58
sidebar_label: Permissions for Queries
2020-04-03 13:23:32 +00:00
---
2022-06-02 10:55:18 +00:00
# Permissions for Queries
2018-11-20 15:26:56 +00:00
2018-12-04 09:27:38 +00:00
Queries in ClickHouse can be divided into several types:
2018-11-20 15:26:56 +00:00
2020-03-20 10:10:48 +00:00
1. Read data queries: `SELECT` , `SHOW` , `DESCRIBE` , `EXISTS` .
2. Write data queries: `INSERT` , `OPTIMIZE` .
3. Change settings query: `SET` , `USE` .
4. [DDL ](https://en.wikipedia.org/wiki/Data_definition_language ) queries: `CREATE` , `ALTER` , `RENAME` , `ATTACH` , `DETACH` , `DROP` `TRUNCATE` .
5. `KILL QUERY` .
2018-11-20 15:26:56 +00:00
2018-12-04 09:27:38 +00:00
The following settings regulate user permissions by the type of query:
2018-11-20 15:26:56 +00:00
2022-11-14 19:20:55 +00:00
## readonly
Restricts permissions for read data, write data, and change settings queries.
2018-11-20 15:26:56 +00:00
2022-11-14 19:20:55 +00:00
When set to 1, allows:
2018-11-20 15:26:56 +00:00
2023-04-19 15:55:29 +00:00
- All types of read queries (like SELECT and equivalent queries).
- Queries that modify only session context (like USE).
2018-11-20 15:26:56 +00:00
2022-11-14 19:20:55 +00:00
When set to 2, allows the above plus:
- SET and CREATE TEMPORARY TABLE
2018-11-20 15:26:56 +00:00
2022-11-14 19:20:55 +00:00
:::tip
Queries like EXISTS, DESCRIBE, EXPLAIN, SHOW PROCESSLIST, etc are equivalent to SELECT, because they just do select from system tables.
:::
2018-11-20 15:26:56 +00:00
2019-09-12 14:14:19 +00:00
Possible values:
2018-11-20 15:26:56 +00:00
2023-04-19 15:55:29 +00:00
- 0 — Read, Write, and Change settings queries are allowed.
- 1 — Only Read data queries are allowed.
- 2 — Read data and Change settings queries are allowed.
2018-11-20 15:26:56 +00:00
2022-11-14 19:20:55 +00:00
Default value: 0
:::note
2020-03-20 10:10:48 +00:00
After setting `readonly = 1` , the user can’ t change `readonly` and `allow_ddl` settings in the current session.
2018-11-20 15:26:56 +00:00
2018-12-21 19:23:55 +00:00
When using the `GET` method in the [HTTP interface ](../../interfaces/http.md ), `readonly = 1` is set automatically. To modify data, use the `POST` method.
2018-12-04 09:27:38 +00:00
2022-11-14 16:34:06 +00:00
Setting `readonly = 1` prohibits the user from changing settings. There is a way to prohibit the user from changing only specific settings. Also there is a way to allow changing only specific settings under `readonly = 1` restrictions. For details see [constraints on settings ](../../operations/settings/constraints-on-settings.md ).
2022-11-14 19:20:55 +00:00
:::
2019-06-10 18:38:03 +00:00
2018-11-20 15:26:56 +00:00
2023-09-18 18:39:21 +00:00
## allow_ddl {#allow_ddl}
2018-11-20 15:26:56 +00:00
2019-09-12 14:14:19 +00:00
Allows or denies [DDL ](https://en.wikipedia.org/wiki/Data_definition_language ) queries.
2018-11-20 15:26:56 +00:00
2019-09-12 14:14:19 +00:00
Possible values:
2018-11-20 15:26:56 +00:00
2023-04-19 15:55:29 +00:00
- 0 — DDL queries are not allowed.
- 1 — DDL queries are allowed.
2018-12-04 09:27:38 +00:00
2019-09-12 14:14:19 +00:00
Default value: 1
2022-11-14 19:20:55 +00:00
:::note
You cannot run `SET allow_ddl = 1` if `allow_ddl = 0` for the current session.
:::
:::note KILL QUERY
`KILL QUERY` can be performed with any combination of readonly and allow_ddl settings.
:::