mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-10-08 09:30:48 +00:00
1.9 KiB
1.9 KiB
Permissions for queries
Queries in ClickHouse can be divided into several groups:
- Read data queries:
SELECT
,SHOW
,DESCRIBE
,EXISTS
. - Write data queries:
INSERT
,OPTIMIZE
. - Change settings queries:
SET
,USE
. - DDL queries:
CREATE
,ALTER
,RENAME
,ATTACH
,DETACH
,DROP
TRUNCATE
. - Particular queries:
KILL QUERY
.
The following settings regulate user permissions for the groups of queries:
- readonly — Restricts permissions for all groups of queries excepting DDL.
- allow_ddl — Restricts permissions for DDL queries.
KILL QUERY
performs with any settings.
readonly
Restricts permissions for read data, write data and change settings queries.
See above for the division of queries into groups.
Possible values
- 0 — All queries are allowed. Default value.
- 1 — Read data queries only are allowed.
- 2 — Read data and change settings queries are allowed.
After setting readonly = 1
, a user can't change readonly
and allow_ddl
settings in the current session.
When using the GET
method in the HTTP interface, readonly = 1
is set automatically. To modify data use the POST
method.
allow_ddl
Allows/denies DDL queries.
See above for the division of queries into groups.
Possible values
- 0 — DDL queries are not allowed.
- 1 — DDL queries are allowed. Default value.
You can not execute SET allow_ddl = 1
if allow_ddl = 0
for current session.