thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-10-06 16:40:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
2e1f6bc56d
ClickHouse/docs/en/operations/settings/permissions_for_queries.md
Ivan Blinkov 2e1f6bc56d
[experimental] add "es" docs language as machine translated draft (#9787) 
* replace exit with assert in test_single_page

* improve save_raw_single_page docs option

* More grammar fixes

* "Built from" link in new tab

* fix mistype

* Example of include in docs

* add anchor to meeting form

* Draft of translation helper

* WIP on translation helper

* Replace some fa docs content with machine translation

* add normalize-en-markdown.sh

* normalize some en markdown

* normalize some en markdown

* admonition support

* normalize

* normalize

* normalize

* support wide tables

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* normalize

* lightly edited machine translation of introdpection.md

* lightly edited machhine translation of lazy.md

* WIP on translation utils

* Normalize ru docs

* Normalize other languages

* some fixes

* WIP on normalize/translate tools

* add requirements.txt

* [experimental] add es docs language as machine translated draft

* remove duplicate script

* Back to wider tab-stop (narrow renders not so well)
2020-03-21 07:11:51 +03:00

2.1 KiB
Raw Blame History

Permissions for Queries

Queries in ClickHouse can be divided into several types:

  1. Read data queries: SELECT, SHOW, DESCRIBE, EXISTS.
  2. Write data queries: INSERT, OPTIMIZE.
  3. Change settings query: SET, USE.
  4. DDL queries: CREATE, ALTER, RENAME, ATTACH, DETACH, DROP TRUNCATE.
  5. KILL QUERY.

The following settings regulate user permissions by the type of query:

  • readonly — Restricts permissions for all types of queries except DDL queries.
  • allow_ddl — Restricts permissions for DDL queries.

KILL QUERY can be performed with any settings.

readonly

Restricts permissions for reading data, write data and change settings queries.

See how the queries are divided into types above.

Possible values:

  • 0 — All queries are allowed.
  • 1 — Only read data queries are allowed.
  • 2 — Read data and change settings queries are allowed.

After setting readonly = 1, the user cant change readonly and allow_ddl settings in the current session.

When using the GET method in the HTTP interface, readonly = 1 is set automatically. To modify data, use the POST method.

Setting readonly = 1 prohibit the user from changing all the settings. There is a way to prohibit the user from changing only specific settings, for details see constraints on settings.

Default value: 0

allow_ddl

Allows or denies DDL queries.

See how the queries are divided into types above.

Possible values:

  • 0 — DDL queries are not allowed.
  • 1 — DDL queries are allowed.

You cant execute SET allow_ddl = 1 if allow_ddl = 0 for the current session.

Default value: 1

Original article