2020-04-03 13:23:32 +00:00
|
|
|
|
---
|
2020-04-08 14:22:25 +00:00
|
|
|
|
machine_translated: true
|
2020-05-15 04:34:54 +00:00
|
|
|
|
machine_translated_rev: 72537a2d527c63c07aa5d2361a8829f3895cf2bd
|
2020-04-08 14:22:25 +00:00
|
|
|
|
toc_priority: 58
|
|
|
|
|
toc_title: "\u67E5\u8BE2\u6743\u9650"
|
2020-04-03 13:23:32 +00:00
|
|
|
|
---
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
# 查询权限 {#permissions_for_queries}
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
ClickHouse中的查询可以分为几种类型:
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
1. 读取数据查询: `SELECT`, `SHOW`, `DESCRIBE`, `EXISTS`.
|
|
|
|
|
2. 写入数据查询: `INSERT`, `OPTIMIZE`.
|
|
|
|
|
3. 更改设置查询: `SET`, `USE`.
|
|
|
|
|
4. [DDL](https://en.wikipedia.org/wiki/Data_definition_language) 查询: `CREATE`, `ALTER`, `RENAME`, `ATTACH`, `DETACH`, `DROP` `TRUNCATE`.
|
2020-04-03 13:23:32 +00:00
|
|
|
|
5. `KILL QUERY`.
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
以下设置按查询类型规范用户权限:
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
- [只读](#settings_readonly) — Restricts permissions for all types of queries except DDL queries.
|
2020-04-03 13:23:32 +00:00
|
|
|
|
- [allow\_ddl](#settings_allow_ddl) — Restricts permissions for DDL queries.
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
`KILL QUERY` 可以与任何设置进行。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
## 只读 {#settings_readonly}
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
限制读取数据、写入数据和更改设置查询的权限。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
查看查询如何划分为多种类型 [以上](#permissions_for_queries).
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
可能的值:
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
|
|
|
|
- 0 — All queries are allowed.
|
|
|
|
|
- 1 — Only read data queries are allowed.
|
|
|
|
|
- 2 — Read data and change settings queries are allowed.
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
设置后 `readonly = 1`,用户无法更改 `readonly` 和 `allow_ddl` 当前会话中的设置。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
使用时 `GET` 方法中的 [HTTP接口](../../interfaces/http.md), `readonly = 1` 自动设置。 要修改数据,请使用 `POST` 方法。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
设置 `readonly = 1` 禁止用户更改所有设置。 有一种方法可以禁止用户
|
2020-04-30 18:19:18 +00:00
|
|
|
|
从只更改特定设置,有关详细信息,请参阅 [对设置的限制](constraints-on-settings.md).
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
默认值:0
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
|
|
|
|
## allow\_ddl {#settings_allow_ddl}
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
允许或拒绝 [DDL](https://en.wikipedia.org/wiki/Data_definition_language) 查询。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
查看查询如何划分为多种类型 [以上](#permissions_for_queries).
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
可能的值:
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
|
|
|
|
- 0 — DDL queries are not allowed.
|
|
|
|
|
- 1 — DDL queries are allowed.
|
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
你不能执行 `SET allow_ddl = 1` 如果 `allow_ddl = 0` 对于当前会话。
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
默认值:1
|
2020-04-03 13:23:32 +00:00
|
|
|
|
|
2020-04-08 14:22:25 +00:00
|
|
|
|
[原始文章](https://clickhouse.tech/docs/en/operations/settings/permissions_for_queries/) <!--hide-->
|