thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-10-14 12:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
4f2b06a6c7
ClickHouse/docs/en/operations/settings/permissions_for_queries.md
BayoNet 361c0b8e59 New topic in the docs "Permissions for queries" (#3616) 
* Update of english version of descriprion of the table function `file`.

* New syntax for ReplacingMergeTree.
Some improvements in text.

* Significantly change article about SummingMergeTree.
Article is restructured, text is changed in many places of the document. New syntax for table creation is described.

* Descriptions of AggregateFunction and AggregatingMergeTree are updated. Russian version.

* New syntax for new syntax of CREATE TABLE

* Added english docs on Aggregating, Replacing and SummingMergeTree.

* CollapsingMergeTree docs. English version.

* 1. Update of CollapsingMergeTree. 2. Minor changes in markup

* Update aggregatefunction.md

* Update aggregatefunction.md

* Update aggregatefunction.md

* Update aggregatingmergetree.md

* GraphiteMergeTree docs update.
New syntax for creation of Replicated* tables.
Minor changes in *MergeTree tables creation syntax.

* Markup fix

* Markup and language fixes

* Clarification in the CollapsingMergeTree article

* DOCAPI-4821. Sync between ru and en versions of docs.

* Fixed the ambiguity in geo functions description.

* Example of JOIN in ru docs

* Deleted misinforming example.

* New topic 'Permissions for queries'

* Fixes for docs consistency.

* Self-targeting link.
2018-11-20 18:26:56 +03:00

1.9 KiB
Raw Blame History

Permissions for queries

Queries in ClickHouse can be divided into several groups:

  1. Read data queries: SELECT, SHOW, DESCRIBE, EXISTS.
  2. Write data queries: INSERT, OPTIMIZE.
  3. Change settings queries: SET, USE.
  4. DDL queries: CREATE, ALTER, RENAME, ATTACH, DETACH, DROP TRUNCATE.
  5. Particular queries: KILL QUERY.

The following settings regulate user permissions for the groups of queries:

  • readonly — Restricts permissions for all groups of queries excepting DDL.
  • allow_ddl — Restricts permissions for DDL queries.

KILL QUERY performs with any settings.

readonly

Restricts permissions for read data, write data and change settings queries.

See above for the division of queries into groups.

Possible values

  • 0 — All queries are allowed. Default value.
  • 1 — Read data queries only are allowed.
  • 2 — Read data and change settings queries are allowed.

After setting readonly = 1, a user can't change readonly and allow_ddl settings in the current session.

When using the GET method in the HTTP interface, readonly = 1 is set automatically. To modify data use the POST method.

allow_ddl

Allows/denies DDL queries.

See above for the division of queries into groups.

Possible values

  • 0 — DDL queries are not allowed.
  • 1 — DDL queries are allowed. Default value.

You can not execute SET allow_ddl = 1 if allow_ddl = 0 for current session.

Original article