From 361c0b8e5921c7e826d5ec53dac83f074e71818c Mon Sep 17 00:00:00 2001
From: BayoNet <da-daos@yandex.ru>
Date: Tue, 20 Nov 2018 18:26:56 +0300
Subject: [PATCH] New topic in the docs "Permissions for queries" (#3616)

* Update of english version of descriprion of the table function `file`.

* New syntax for ReplacingMergeTree.
Some improvements in text.

* Significantly change article about SummingMergeTree.
Article is restructured, text is changed in many places of the document. New syntax for table creation is described.

* Descriptions of AggregateFunction and AggregatingMergeTree are updated. Russian version.

* New syntax for new syntax of CREATE TABLE

* Added english docs on Aggregating, Replacing and SummingMergeTree.

* CollapsingMergeTree docs. English version.

* 1. Update of CollapsingMergeTree. 2. Minor changes in markup

* Update aggregatefunction.md

* Update aggregatefunction.md

* Update aggregatefunction.md

* Update aggregatingmergetree.md

* GraphiteMergeTree docs update.
New syntax for creation of Replicated* tables.
Minor changes in *MergeTree tables creation syntax.

* Markup fix

* Markup and language fixes

* Clarification in the CollapsingMergeTree article

* DOCAPI-4821. Sync between ru and en versions of docs.

* Fixed the ambiguity in geo functions description.

* Example of JOIN in ru docs

* Deleted misinforming example.

* New topic 'Permissions for queries'

* Fixes for docs consistency.

* Self-targeting link.
---
 docs/en/interfaces/http_interface.md          |  2 +
 .../settings/permissions_for_queries.md       | 53 +++++++++++++++++++
 .../operations/settings/query_complexity.md   | 12 -----
 .../functions/array_functions.md              |  2 +-
 .../settings/permissions_for_queries.md       |  1 +
 .../settings/permissions_for_queries.md       |  1 +
 .../functions/array_functions.md              |  2 +-
 docs/toc_en.yml                               |  2 +-
 docs/toc_fa.yml                               |  1 +
 docs/toc_ru.yml                               |  1 +
 docs/toc_zh.yml                               |  1 +
 .../settings/permissions_for_queries.md       |  1 +
 12 files changed, 64 insertions(+), 15 deletions(-)
 create mode 100644 docs/en/operations/settings/permissions_for_queries.md
 create mode 120000 docs/fa/operations/settings/permissions_for_queries.md
 create mode 120000 docs/ru/operations/settings/permissions_for_queries.md
 create mode 120000 docs/zh/operations/settings/permissions_for_queries.md

diff --git a/docs/en/interfaces/http_interface.md b/docs/en/interfaces/http_interface.md
index e514f0c4969..2d7b69f60fb 100644
--- a/docs/en/interfaces/http_interface.md
+++ b/docs/en/interfaces/http_interface.md
@@ -1,3 +1,5 @@
+<a name="http_interface"></a>
+
 # HTTP Interface
 
 The HTTP interface lets you use ClickHouse on any platform from any programming language. We use it for working from Java and Perl, as well as shell scripts. In other departments, the HTTP interface is used from Perl, Python, and Go. The HTTP interface is more limited than the native interface, but it has better compatibility.
diff --git a/docs/en/operations/settings/permissions_for_queries.md b/docs/en/operations/settings/permissions_for_queries.md
new file mode 100644
index 00000000000..8c731ed1ce8
--- /dev/null
+++ b/docs/en/operations/settings/permissions_for_queries.md
@@ -0,0 +1,53 @@
+<a name="permissions_for_queries"></a>
+
+# Permissions for queries
+
+Queries in ClickHouse can be divided into several groups:
+
+1. Read data queries: `SELECT`, `SHOW`, `DESCRIBE`, `EXISTS`.
+1. Write data queries: `INSERT`, `OPTIMIZE`.
+1. Change settings queries: `SET`, `USE`.
+1. [DDL](https://en.wikipedia.org/wiki/Data_definition_language) queries: `CREATE`, `ALTER`, `RENAME`, `ATTACH`, `DETACH`, `DROP` `TRUNCATE`.
+1. Particular queries: `KILL QUERY`.
+
+The following settings regulate user permissions for the groups of queries:
+
+- [readonly](#settings_readonly) — Restricts permissions for all groups of queries excepting DDL.
+- [allow_ddl](#settings_allow_ddl) — Restricts permissions for DDL queries.
+
+`KILL QUERY` performs with any settings.
+
+<a name="settings_readonly"></a>
+
+## readonly
+
+Restricts permissions for read data, write data and change settings queries.
+
+See [above](#permissions_for_queries) for the division of queries into groups.
+
+**Possible values**
+
+- 0 — All queries are allowed. Default value.
+- 1 — Read data queries only are allowed.
+- 2 — Read data and change settings queries are allowed.
+
+After setting `readonly = 1`, a user can't change `readonly` and `allow_ddl` settings in the current session.
+
+When using the `GET` method in the [HTTP interface](../../interfaces/http_interface.md#http_interface), `readonly = 1` is set automatically. To modify data use the `POST` method.
+
+<a name="settings_allow_ddl"></a>
+
+## allow_ddl
+
+Allows/denies [DDL](https://en.wikipedia.org/wiki/Data_definition_language) queries.
+
+See [above](#permissions_for_queries) for the division of queries into groups.
+
+**Possible values**
+
+- 0 — DDL queries are not allowed.
+- 1 — DDL queries are allowed. Default value.
+
+You can not execute `SET allow_ddl = 1` if `allow_ddl = 0` for current session.
+
+[Original article](https://clickhouse.yandex/docs/en/operations/settings/permissions_for_queries/) <!--hide-->
diff --git a/docs/en/operations/settings/query_complexity.md b/docs/en/operations/settings/query_complexity.md
index 67418128ffa..2b3bc459305 100644
--- a/docs/en/operations/settings/query_complexity.md
+++ b/docs/en/operations/settings/query_complexity.md
@@ -16,18 +16,6 @@ It can take one of two values: `throw` or `break`. Restrictions on aggregation (
 
 `any (only for group_by_overflow_mode)` – Continuing aggregation for the keys that got into the set, but don't add new keys to the set.
 
-<a name="query_complexity_readonly"></a>
-
-## readonly
-
-With a value of 0, you can execute any queries.
-With a value of 1, you can only execute read requests (such as SELECT and SHOW). Requests for writing and changing settings (INSERT, SET) are prohibited.
-With a value of 2, you can process read queries (SELECT, SHOW) and change settings (SET).
-
-After enabling readonly mode, you can't disable it in the current session.
-
-When using the GET method in the HTTP interface, 'readonly = 1' is set automatically. In other words, for queries that modify data, you can only use the POST method. You can send the query itself either in the POST body, or in the URL parameter.
-
 <a name="settings_max_memory_usage"></a>
 
 ## max_memory_usage
diff --git a/docs/en/query_language/functions/array_functions.md b/docs/en/query_language/functions/array_functions.md
index 65c234935c3..1a8858b8dcc 100644
--- a/docs/en/query_language/functions/array_functions.md
+++ b/docs/en/query_language/functions/array_functions.md
@@ -55,7 +55,7 @@ arrayConcat(arrays)
 
 **Parameters**
 
-- `arrays` – arbitrary number of arguments of type Array.
+- `arrays` – Arbitrary number of arguments of [Array][../../data_types/array.md#data_type-array] type.
 
 **Example**
 
diff --git a/docs/fa/operations/settings/permissions_for_queries.md b/docs/fa/operations/settings/permissions_for_queries.md
new file mode 120000
index 00000000000..ce8473bf01c
--- /dev/null
+++ b/docs/fa/operations/settings/permissions_for_queries.md
@@ -0,0 +1 @@
+../../../en/operations/settings/permissions_for_queries.md
\ No newline at end of file
diff --git a/docs/ru/operations/settings/permissions_for_queries.md b/docs/ru/operations/settings/permissions_for_queries.md
new file mode 120000
index 00000000000..ce8473bf01c
--- /dev/null
+++ b/docs/ru/operations/settings/permissions_for_queries.md
@@ -0,0 +1 @@
+../../../en/operations/settings/permissions_for_queries.md
\ No newline at end of file
diff --git a/docs/ru/query_language/functions/array_functions.md b/docs/ru/query_language/functions/array_functions.md
index 1cbe686cefa..654bf308648 100644
--- a/docs/ru/query_language/functions/array_functions.md
+++ b/docs/ru/query_language/functions/array_functions.md
@@ -55,7 +55,7 @@ arrayConcat(arrays)
 
 **Параметры**
 
-- `arrays` - Перечисленные через запятую массивы `[values]`.
+- `arrays` – произвольное количество элементов типа [Array][../../data_types/array.md#data_type-array].
 
 **Пример**
 
diff --git a/docs/toc_en.yml b/docs/toc_en.yml
index e6e63095dd8..ec4ae4e8619 100644
--- a/docs/toc_en.yml
+++ b/docs/toc_en.yml
@@ -157,10 +157,10 @@ nav:
     - 'Server settings': 'operations/server_settings/settings.md'
   - 'Settings':
     - 'Introduction': 'operations/settings/index.md'
+    - 'Permissions for queries': 'operations/settings/permissions_for_queries.md'
     - 'Restrictions on query complexity': 'operations/settings/query_complexity.md'
     - 'Settings': 'operations/settings/settings.md'
     - 'Settings profiles': 'operations/settings/settings_profiles.md'
-
   - 'Utilities':
     - 'Overview': 'operations/utils/index.md'
     - 'clickhouse-copier': 'operations/utils/clickhouse-copier.md'
diff --git a/docs/toc_fa.yml b/docs/toc_fa.yml
index 780d9747931..bf10398ce85 100644
--- a/docs/toc_fa.yml
+++ b/docs/toc_fa.yml
@@ -154,6 +154,7 @@ nav:
     - 'Server settings': 'operations/server_settings/settings.md'
   - 'Settings':
     - 'Introduction': 'operations/settings/index.md'
+    - 'Permissions for queries': 'operations/settings/permissions_for_queries.md'
     - 'Restrictions on query complexity': 'operations/settings/query_complexity.md'
     - 'Settings': 'operations/settings/settings.md'
     - 'Settings profiles': 'operations/settings/settings_profiles.md'
diff --git a/docs/toc_ru.yml b/docs/toc_ru.yml
index 9c5ee2db74f..00003aa9359 100644
--- a/docs/toc_ru.yml
+++ b/docs/toc_ru.yml
@@ -158,6 +158,7 @@ nav:
     - 'Серверные настройки': 'operations/server_settings/settings.md'
   - 'Настройки':
     - 'Введение': 'operations/settings/index.md'
+    - 'Разрешения на выполнение запросов': 'operations/settings/permissions_for_queries.md'
     - 'Ограничения на сложность запроса': 'operations/settings/query_complexity.md'
     - 'Настройки': 'operations/settings/settings.md'
     - 'Профили настроек': 'operations/settings/settings_profiles.md'
diff --git a/docs/toc_zh.yml b/docs/toc_zh.yml
index 3ae4f5de3c9..3b5a3d2756e 100644
--- a/docs/toc_zh.yml
+++ b/docs/toc_zh.yml
@@ -157,6 +157,7 @@ nav:
     - 'Server settings': 'operations/server_settings/settings.md'
   - 'Settings':
     - 'Introduction': 'operations/settings/index.md'
+    - 'Permissions for queries': 'operations/settings/permissions_for_queries.md'
     - 'Restrictions on query complexity': 'operations/settings/query_complexity.md'
     - 'Settings': 'operations/settings/settings.md'
     - 'Settings profiles': 'operations/settings/settings_profiles.md'
diff --git a/docs/zh/operations/settings/permissions_for_queries.md b/docs/zh/operations/settings/permissions_for_queries.md
new file mode 120000
index 00000000000..ce8473bf01c
--- /dev/null
+++ b/docs/zh/operations/settings/permissions_for_queries.md
@@ -0,0 +1 @@
+../../../en/operations/settings/permissions_for_queries.md
\ No newline at end of file