thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-10-08 09:30:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
585df99587
ClickHouse/docs/en/operations/settings/permissions_for_queries.md
Ivan Blinkov 585df99587 fix link
2018-11-27 11:17:04 +03:00

1.9 KiB
Raw Blame History

Permissions for queries

Queries in ClickHouse can be divided into several groups:

  1. Read data queries: SELECT, SHOW, DESCRIBE, EXISTS.
  2. Write data queries: INSERT, OPTIMIZE.
  3. Change settings queries: SET, USE.
  4. DDL queries: CREATE, ALTER, RENAME, ATTACH, DETACH, DROP TRUNCATE.
  5. Particular queries: KILL QUERY.

The following settings regulate user permissions for the groups of queries:

  • readonly — Restricts permissions for all groups of queries excepting DDL.
  • allow_ddl — Restricts permissions for DDL queries.

KILL QUERY performs with any settings.

readonly

Restricts permissions for read data, write data and change settings queries.

See above for the division of queries into groups.

Possible values

  • 0 — All queries are allowed. Default value.
  • 1 — Read data queries only are allowed.
  • 2 — Read data and change settings queries are allowed.

After setting readonly = 1, a user can't change readonly and allow_ddl settings in the current session.

When using the GET method in the HTTP interface, readonly = 1 is set automatically. To modify data use the POST method.

allow_ddl

Allows/denies DDL queries.

See above for the division of queries into groups.

Possible values

  • 0 — DDL queries are not allowed.
  • 1 — DDL queries are allowed. Default value.

You can not execute SET allow_ddl = 1 if allow_ddl = 0 for current session.

Original article