thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-12 02:23:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
e583c573b1
ClickHouse/tests/testflows/rbac/requirements/requirements.md

149 KiB
Raw Blame History

SRS-006 ClickHouse Role Based Access Control
Software Requirements Specification

Table of Contents

Revision History

This document is stored in an electronic form using Git source control management software hosted in a Gitlab repository.

All the updates are tracked using the Git's revision history.

Introduction

ClickHouse currently has support for only basic access control. Users can be defined to allow access to specific databases and dictionaries. A profile is used for the user that can specify a read-only mode as well as a set of quotas that can limit user's resource consumption. Beyond this basic functionality there is no way to control access rights within a database. A user can either be denied access, have read-only rights or have complete access to the whole database on the server.

In many cases a more granular access control is needed where one can control user's access in a much more granular approach. A typical solution to this problem in the SQL world is provided by implementing RBAC (role-based access control). For example a version of RBAC is implemented by both MySQL and PostgreSQL.

ClickHouse shall implement RBAC to meet the growing needs of its users. In order to minimize the learning curve the concepts and the syntax of its implementation shall be as close as possible to the MySQL and PostgreSQL. The goal is to allow for fast transition of users which are already familiar with these features in those databases to ClickHouse.

Terminology

  • RBAC - role-based access control
  • quota - setting that limits specific resource consumption

Privilege Definitions

  • usage - privilege to access a database or a table
  • select - privilege to read data from a database or a table
  • select columns - privilege to read specific columns from a table
  • insert privilege to insert data into a database or a table
  • delete privilege to delete a database or a table
  • alter privilege to alter tables
  • create privilege to create a database or a table
  • drop privilege to drop a database or a table
  • all privilege that includes usage, select, select columns, insert, delete, alter, create, and drop
  • grant option privilege to grant the same privilege to other users or roles
  • admin option privilege to perform administrative tasks are defined in the system queries

Requirements

Generic

RQ.SRS-006.RBAC

version: 1.0

ClickHouse SHALL support role based access control.

Login

RQ.SRS-006.RBAC.Login

version: 1.0

ClickHouse SHALL only allow access to the server for a given user only when correct username and password are used during the connection to the server.

RQ.SRS-006.RBAC.Login.DefaultUser

version: 1.0

ClickHouse SHALL use the default user when no username and password are specified during the connection to the server.

User

RQ.SRS-006.RBAC.User

version: 1.0

ClickHouse SHALL support creation and manipulation of one or more user accounts to which roles, privileges, settings profile, quotas and row policies can be assigned.

RQ.SRS-006.RBAC.User.Roles

version: 1.0

ClickHouse SHALL support assigning one or more roles to a user.

RQ.SRS-006.RBAC.User.Privileges

version: 1.0

ClickHouse SHALL support assigning one or more privileges to a user.

RQ.SRS-006.RBAC.User.Variables

version: 1.0

ClickHouse SHALL support assigning one or more variables to a user.

RQ.SRS-006.RBAC.User.Variables.Constraints

version: 1.0

ClickHouse SHALL support assigning min, max and read-only constraints for the variables that can be set and read by the user.

RQ.SRS-006.RBAC.User.SettingsProfile

version: 1.0

ClickHouse SHALL support assigning one or more settings profiles to a user.

RQ.SRS-006.RBAC.User.Quotas

version: 1.0

ClickHouse SHALL support assigning one or more quotas to a user.

RQ.SRS-006.RBAC.User.RowPolicies

version: 1.0

ClickHouse SHALL support assigning one or more row policies to a user.

RQ.SRS-006.RBAC.User.AccountLock

version: 1.0

ClickHouse SHALL support locking and unlocking of user accounts.

RQ.SRS-006.RBAC.User.AccountLock.DenyAccess

version: 1.0

ClickHouse SHALL deny access to the user whose account is locked.

RQ.SRS-006.RBAC.User.DefaultRole

version: 1.0

ClickHouse SHALL support assigning a default role to a user.

RQ.SRS-006.RBAC.User.RoleSelection

version: 1.0

ClickHouse SHALL support selection of one or more roles from the available roles that are assigned to a user.

RQ.SRS-006.RBAC.User.ShowCreate

version: 1.0

ClickHouse SHALL support showing the command of how user account was created.

RQ.SRS-006.RBAC.User.ShowPrivileges

version: 1.0

ClickHouse SHALL support listing the privileges of the user.

Role

RQ.SRS-006.RBAC.Role

version: 1.0

[ClikHouse] SHALL support creation and manipulation of roles to which privileges, settings profile, quotas and row policies can be assigned.

RQ.SRS-006.RBAC.Role.Privileges

version: 1.0

ClickHouse SHALL support assigning one or more privileges to a role.

RQ.SRS-006.RBAC.Role.Variables

version: 1.0

ClickHouse SHALL support assigning one or more variables to a role.

RQ.SRS-006.RBAC.Role.SettingsProfile

version: 1.0

ClickHouse SHALL support assigning one or more settings profiles to a role.

RQ.SRS-006.RBAC.Role.Quotas

version: 1.0

ClickHouse SHALL support assigning one or more quotas to a role.

RQ.SRS-006.RBAC.Role.RowPolicies

version: 1.0

ClickHouse SHALL support assigning one or more row policies to a role.

Partial Revokes

RQ.SRS-006.RBAC.PartialRevokes

version: 1.0

ClickHouse SHALL support partial revoking of privileges granted to a user or a role.

Settings Profile

RQ.SRS-006.RBAC.SettingsProfile

version: 1.0

ClickHouse SHALL support creation and manipulation of settings profiles that can include value definition for one or more variables and can can be assigned to one or more users or roles.

RQ.SRS-006.RBAC.SettingsProfile.Constraints

version: 1.0

ClickHouse SHALL support assigning min, max and read-only constraints for the variables specified in the settings profile.

RQ.SRS-006.RBAC.SettingsProfile.ShowCreate

version: 1.0

ClickHouse SHALL support showing the command of how setting profile was created.

Quotas

RQ.SRS-006.RBAC.Quotas

version: 1.0

ClickHouse SHALL support creation and manipulation of quotas that can be used to limit resource usage by a user or a role over a period of time.

RQ.SRS-006.RBAC.Quotas.Keyed

version: 1.0

ClickHouse SHALL support creating quotas that are keyed so that a quota is tracked separately for each key value.

RQ.SRS-006.RBAC.Quotas.Queries

version: 1.0

ClickHouse SHALL support setting queries quota to limit the total number of requests.

RQ.SRS-006.RBAC.Quotas.Errors

version: 1.0

ClickHouse SHALL support setting errors quota to limit the number of queries that threw an exception.

RQ.SRS-006.RBAC.Quotas.ResultRows

version: 1.0

ClickHouse SHALL support setting result rows quota to limit the the total number of rows given as the result.

RQ.SRS-006.RBAC.Quotas.ReadRows

version: 1.0

ClickHouse SHALL support setting read rows quota to limit the total number of source rows read from tables for running the query on all remote servers.

RQ.SRS-006.RBAC.Quotas.ResultBytes

version: 1.0

ClickHouse SHALL support setting result bytes quota to limit the total number of bytes that can be returned as the result.

RQ.SRS-006.RBAC.Quotas.ReadBytes

version: 1.0

ClickHouse SHALL support setting read bytes quota to limit the total number of source bytes read from tables for running the query on all remote servers.

RQ.SRS-006.RBAC.Quotas.ExecutionTime

version: 1.0

ClickHouse SHALL support setting execution time quota to limit the maximum query execution time.

RQ.SRS-006.RBAC.Quotas.ShowCreate

version: 1.0

ClickHouse SHALL support showing the command of how quota was created.

Row Policy

RQ.SRS-006.RBAC.RowPolicy

version: 1.0

ClickHouse SHALL support creation and manipulation of table row policies that can be used to limit access to the table contents for a user or a role using a specified condition.

RQ.SRS-006.RBAC.RowPolicy.Condition

version: 1.0

ClickHouse SHALL support row policy conditions that can be any SQL expression that returns a boolean.

RQ.SRS-006.RBAC.RowPolicy.ShowCreate

version: 1.0

ClickHouse SHALL support showing the command of how row policy was created.

Specific

RQ.SRS-006.RBAC.User.Use.DefaultRole

version: 1.0

ClickHouse SHALL by default use default role or roles assigned to the user if specified.

RQ.SRS-006.RBAC.User.Use.AllRolesWhenNoDefaultRole

version: 1.0

ClickHouse SHALL by default use all the roles assigned to the user if no default role or roles are specified for the user.

RQ.SRS-006.RBAC.User.Create

version: 1.0

ClickHouse SHALL support creating user accounts using CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.IfNotExists

version: 1.0

ClickHouse SHALL support IF NOT EXISTS clause in the CREATE USER statement to skip raising an exception if a user with the same name already exists. If the IF NOT EXISTS clause is not specified then an exception SHALL be raised if a user with the same name already exists.

RQ.SRS-006.RBAC.User.Create.Replace

version: 1.0

ClickHouse SHALL support OR REPLACE clause in the CREATE USER statement to replace existing user account if already exists.

RQ.SRS-006.RBAC.User.Create.Password.NoPassword

version: 1.0

ClickHouse SHALL support specifying no password when creating user account using IDENTIFIED WITH NO_PASSWORD clause .

RQ.SRS-006.RBAC.User.Create.Password.NoPassword.Login

version: 1.0

ClickHouse SHALL use no password for the user when connecting to the server when an account was created with IDENTIFIED WITH NO_PASSWORD clause.

RQ.SRS-006.RBAC.User.Create.Password.PlainText

version: 1.0

ClickHouse SHALL support specifying plaintext password when creating user account using IDENTIFIED WITH PLAINTEXT_PASSWORD BY clause.

RQ.SRS-006.RBAC.User.Create.Password.PlainText.Login

version: 1.0

ClickHouse SHALL use the plaintext password passed by the user when connecting to the server when an account was created with IDENTIFIED WITH PLAINTEXT_PASSWORD clause and compare the password with the one used in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Password.Sha256Password

version: 1.0

ClickHouse SHALL support specifying the result of applying SHA256 to some password when creating user account using IDENTIFIED WITH SHA256_PASSWORD BY or IDENTIFIED BY clause.

RQ.SRS-006.RBAC.User.Create.Password.Sha256Password.Login

version: 1.0

ClickHouse SHALL calculate SHA256 of the password passed by the user when connecting to the server when an account was created with IDENTIFIED WITH SHA256_PASSWORD or with 'IDENTIFIED BY' clause and compare the calculated hash to the one used in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Password.Sha256Hash

version: 1.0

ClickHouse SHALL support specifying the result of applying SHA256 to some already calculated hash when creating user account using IDENTIFIED WITH SHA256_HASH clause.

RQ.SRS-006.RBAC.User.Create.Password.Sha256Hash.Login

version: 1.0

ClickHouse SHALL calculate SHA256 of the already calculated hash passed by the user when connecting to the server when an account was created with IDENTIFIED WITH SHA256_HASH clause and compare the calculated hash to the one used in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Password.DoubleSha1Password

version: 1.0

ClickHouse SHALL support specifying the result of applying SHA1 two times to a password when creating user account using IDENTIFIED WITH DOUBLE_SHA1_PASSWORD clause.

RQ.SRS-006.RBAC.User.Create.Password.DoubleSha1Password.Login

version: 1.0

ClickHouse SHALL calculate SHA1 two times over the password passed by the user when connecting to the server when an account was created with IDENTIFIED WITH DOUBLE_SHA1_PASSWORD clause and compare the calculated value to the one used in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Password.DoubleSha1Hash

version: 1.0

ClickHouse SHALL support specifying the result of applying SHA1 two times to a hash when creating user account using IDENTIFIED WITH DOUBLE_SHA1_HASH clause.

RQ.SRS-006.RBAC.User.Create.Password.DoubleSha1Hash.Login

version: 1.0

ClickHouse SHALL calculate SHA1 two times over the hash passed by the user when connecting to the server when an account was created with IDENTIFIED WITH DOUBLE_SHA1_HASH clause and compare the calculated value to the one used in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Name

version: 1.0

ClickHouse SHALL support specifying one or more hostnames from which user can access the server using the HOST NAME clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Regexp

version: 1.0

ClickHouse SHALL support specifying one or more regular expressions to match hostnames from which user can access the server using the HOST REGEXP clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.IP

version: 1.0

ClickHouse SHALL support specifying one or more IP address or subnet from which user can access the server using the HOST IP clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Any

version: 1.0

ClickHouse SHALL support specifying HOST ANY clause in the CREATE USER statement to indicate that user can access the server from any host.

RQ.SRS-006.RBAC.User.Create.Host.None

version: 1.0

ClickHouse SHALL support fobidding access from any host using HOST NONE clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Local

version: 1.0

ClickHouse SHALL support limiting user access to local only using HOST LOCAL clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Like

version: 1.0

ClickHouse SHALL support specifying host using LIKE command syntax using the HOST LIKE clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Host.Default

version: 1.0

ClickHouse SHALL support user access to server from any host if no HOST clause is specified in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.DefaultRole

version: 1.0

ClickHouse SHALL support specifying one or more default roles using DEFAULT ROLE clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.DefaultRole.None

version: 1.0

ClickHouse SHALL support specifying no default roles using DEFAULT ROLE NONE clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.DefaultRole.All

version: 1.0

ClickHouse SHALL support specifying all roles to be used as default using DEFAULT ROLE ALL clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Settings

version: 1.0

ClickHouse SHALL support specifying settings and profile using SETTINGS clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.OnCluster

version: 1.0

ClickHouse SHALL support specifying cluster on which the user will be created using ON CLUSTER clause in the CREATE USER statement.

RQ.SRS-006.RBAC.User.Create.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for CREATE USER statement.

CREATE USER [IF NOT EXISTS | OR REPLACE] name [ON CLUSTER cluster_name]
    [IDENTIFIED [WITH {NO_PASSWORD|PLAINTEXT_PASSWORD|SHA256_PASSWORD|SHA256_HASH|DOUBLE_SHA1_PASSWORD|DOUBLE_SHA1_HASH}] BY {'password'|'hash'}]
    [HOST {LOCAL | NAME 'name' | NAME REGEXP 'name_regexp' | IP 'address' | LIKE 'pattern'} [,...] | ANY | NONE]
    [DEFAULT ROLE role [,...]]
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]
RQ.SRS-006.RBAC.User.Alter

version: 1.0

ClickHouse SHALL support altering user accounts using ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.OrderOfEvaluation

version: 1.0

ClickHouse SHALL support evaluating ALTER USER statement from left to right where things defined on the right override anything that was previously defined on the left.

RQ.SRS-006.RBAC.User.Alter.IfExists

version: 1.0

ClickHouse SHALL support IF EXISTS clause in the ALTER USER statement to skip raising an exception (producing a warning instead) if a user with the specified name does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a user with the name does not exist.

RQ.SRS-006.RBAC.User.Alter.Cluster

version: 1.0

ClickHouse SHALL support specifying the cluster the user is on when altering user account using ON CLUSTER clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Rename

version: 1.0

ClickHouse SHALL support specifying a new name for the user when altering user account using RENAME clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Password.PlainText

version: 1.0

ClickHouse SHALL support specifying plaintext password when altering user account using IDENTIFIED WITH PLAINTEXT_PASSWORD BY or using shorthand IDENTIFIED BY clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Password.Sha256Password

version: 1.0

ClickHouse SHALL support specifying the result of applying SHA256 to some password as identification when altering user account using IDENTIFIED WITH SHA256_PASSWORD clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Password.DoubleSha1Password

version: 1.0

ClickHouse SHALL support specifying the result of applying Double SHA1 to some password as identification when altering user account using IDENTIFIED WITH DOUBLE_SHA1_PASSWORD clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.AddDrop

version: 1.0

ClickHouse SHALL support altering user by adding and dropping access to hosts with the ADD HOST or the DROP HOSTin the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.Local

version: 1.0

ClickHouse SHALL support limiting user access to local only using HOST LOCAL clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.Name

version: 1.0

ClickHouse SHALL support specifying one or more hostnames from which user can access the server using the HOST NAME clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.Regexp

version: 1.0

ClickHouse SHALL support specifying one or more regular expressions to match hostnames from which user can access the server using the HOST REGEXP clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.IP

version: 1.0

ClickHouse SHALL support specifying one or more IP address or subnet from which user can access the server using the HOST IP clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.Like

version: 1.0

ClickHouse SHALL support specifying sone or more similar hosts using LIKE command syntax using the HOST LIKE clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Host.Any

version: 1.0

ClickHouse SHALL support specifying HOST ANY clause in the ALTER USER statement to indicate that user can access the server from any host.

RQ.SRS-006.RBAC.User.Alter.Host.None

version: 1.0

ClickHouse SHALL support fobidding access from any host using HOST NONE clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.DefaultRole

version: 1.0

ClickHouse SHALL support specifying one or more default roles using DEFAULT ROLE clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.DefaultRole.All

version: 1.0

ClickHouse SHALL support specifying all roles to be used as default using DEFAULT ROLE ALL clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.DefaultRole.AllExcept

version: 1.0

ClickHouse SHALL support specifying one or more roles which will not be used as default using DEFAULT ROLE ALL EXCEPT clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Settings

version: 1.0

ClickHouse SHALL support specifying one or more variables using SETTINGS clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Settings.Min

version: 1.0

ClickHouse SHALL support specifying a minimum value for the variable specifed using SETTINGS with MIN clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Settings.Max

version: 1.0

ClickHouse SHALL support specifying a maximum value for the variable specifed using SETTINGS with MAX clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Settings.Profile

version: 1.0

ClickHouse SHALL support specifying the name of a profile for the variable specifed using SETTINGS with PROFILE clause in the ALTER USER statement.

RQ.SRS-006.RBAC.User.Alter.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the ALTER USER statement.

ALTER USER [IF EXISTS] name [ON CLUSTER cluster_name]
    [RENAME TO new_name]
    [IDENTIFIED [WITH {PLAINTEXT_PASSWORD|SHA256_PASSWORD|DOUBLE_SHA1_PASSWORD}] BY {'password'|'hash'}]
    [[ADD|DROP] HOST {LOCAL | NAME 'name' | REGEXP 'name_regexp' | IP 'address' | LIKE 'pattern'} [,...] | ANY | NONE]
    [DEFAULT ROLE role [,...] | ALL | ALL EXCEPT role [,...] ]
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]
RQ.SRS-006.RBAC.SetDefaultRole

version: 1.0

ClickHouse SHALL support setting or changing granted roles to default for one or more users using SET DEFAULT ROLE statement which SHALL permanently change the default roles for the user or users if successful.

RQ.SRS-006.RBAC.SetDefaultRole.CurrentUser

version: 1.0

ClickHouse SHALL support setting or changing granted roles to default for the current user using CURRENT_USER clause in the SET DEFAULT ROLE statement.

RQ.SRS-006.RBAC.SetDefaultRole.All

version: 1.0

ClickHouse SHALL support setting or changing all granted roles to default for one or more users using ALL clause in the SET DEFAULT ROLE statement.

RQ.SRS-006.RBAC.SetDefaultRole.AllExcept

version: 1.0

ClickHouse SHALL support setting or changing all granted roles except those specified to default for one or more users using ALL EXCEPT clause in the SET DEFAULT ROLE statement.

RQ.SRS-006.RBAC.SetDefaultRole.None

version: 1.0

ClickHouse SHALL support removing all granted roles from default for one or more users using NONE clause in the SET DEFAULT ROLE statement.

RQ.SRS-006.RBAC.SetDefaultRole.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the SET DEFAULT ROLE statement.

SET DEFAULT ROLE
    {NONE | role [,...] | ALL | ALL EXCEPT role [,...]}
    TO {user|CURRENT_USER} [,...]
RQ.SRS-006.RBAC.SetRole

version: 1.0

ClickHouse SHALL support activating role or roles for the current user using SET ROLE statement.

RQ.SRS-006.RBAC.SetRole.Default

version: 1.0

ClickHouse SHALL support activating default roles for the current user using DEFAULT clause in the SET ROLE statement.

RQ.SRS-006.RBAC.SetRole.None

version: 1.0

ClickHouse SHALL support activating no roles for the current user using NONE clause in the SET ROLE statement.

RQ.SRS-006.RBAC.SetRole.All

version: 1.0

ClickHouse SHALL support activating all roles for the current user using ALL clause in the SET ROLE statement.

RQ.SRS-006.RBAC.SetRole.AllExcept

version: 1.0

ClickHouse SHALL support activating all roles except those specified for the current user using ALL EXCEPT clause in the SET ROLE statement.

RQ.SRS-006.RBAC.SetRole.Syntax

version: 1.0

SET ROLE {DEFAULT | NONE | role [,...] | ALL | ALL EXCEPT role [,...]}
RQ.SRS-006.RBAC.User.ShowCreateUser

version: 1.0

ClickHouse SHALL support showing the CREATE USER statement used to create the current user object using the SHOW CREATE USER statement with CURRENT_USER or no argument.

RQ.SRS-006.RBAC.User.ShowCreateUser.For

version: 1.0

ClickHouse SHALL support showing the CREATE USER statement used to create the specified user object using the FOR clause in the SHOW CREATE USER statement.

RQ.SRS-006.RBAC.User.ShowCreateUser.Syntax

version: 1.0

ClickHouse SHALL support showing the following syntax for SHOW CREATE USER statement.

SHOW CREATE USER [name | CURRENT_USER]
RQ.SRS-006.RBAC.User.Drop

version: 1.0

ClickHouse SHALL support removing a user account using DROP USER statement.

RQ.SRS-006.RBAC.User.Drop.IfExists

version: 1.0

ClickHouse SHALL support using IF EXISTS clause in the DROP USER statement to skip raising an exception if the user account does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a user does not exist.

RQ.SRS-006.RBAC.User.Drop.OnCluster

version: 1.0

ClickHouse SHALL support using ON CLUSTER clause in the DROP USER statement to specify the name of the cluster the user should be dropped from.

RQ.SRS-006.RBAC.User.Drop.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for DROP USER statement

DROP USER [IF EXISTS] name [,...] [ON CLUSTER cluster_name]
RQ.SRS-006.RBAC.Role.Create

version: 1.0

ClickHouse SHALL support creating a role using CREATE ROLE statement.

RQ.SRS-006.RBAC.Role.Create.IfNotExists

version: 1.0

ClickHouse SHALL support IF NOT EXISTS clause in the CREATE ROLE statement to raising an exception if a role with the same name already exists. If the IF NOT EXISTS clause is not specified then an exception SHALL be raised if a role with the same name already exists.

RQ.SRS-006.RBAC.Role.Create.Replace

version: 1.0

ClickHouse SHALL support OR REPLACE clause in the CREATE ROLE statement to replace existing role if it already exists.

RQ.SRS-006.RBAC.Role.Create.Settings

version: 1.0

ClickHouse SHALL support specifying settings and profile using SETTINGS clause in the CREATE ROLE statement.

RQ.SRS-006.RBAC.Role.Create.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the CREATE ROLE statement

CREATE ROLE [IF NOT EXISTS | OR REPLACE] name
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]
RQ.SRS-006.RBAC.Role.Create.Effect

version: 1.0

ClickHouse SHALL make the role available to be linked with users, privileges, quotas and settings profiles after the successful execution of the CREATE ROLE statement.

RQ.SRS-006.RBAC.Role.Alter

version: 1.0

ClickHouse SHALL support altering one role using ALTER ROLE statement.

RQ.SRS-006.RBAC.Role.Alter.IfExists

version: 1.0

ClickHouse SHALL support altering one role using ALTER ROLE IF EXISTS statement, where no exception will be thrown if the role does not exist.

RQ.SRS-006.RBAC.Role.Alter.Cluster

version: 1.0

ClickHouse SHALL support altering one role using ALTER ROLE role ON CLUSTER statement to specify the cluster location of the specified role.

RQ.SRS-006.RBAC.Role.Alter.Rename

version: 1.0

ClickHouse SHALL support altering one role using ALTER ROLE role RENAME TO statement which renames the role to a specified new name. If the new name already exists, that an exception SHALL be raised unless the IF EXISTS clause is specified, by which no exception will be raised and nothing will change.

RQ.SRS-006.RBAC.Role.Alter.Settings

version: 1.0

ClickHouse SHALL support altering the settings of one role using ALTER ROLE role SETTINGS ... statement. Altering variable values, creating max and min values, specifying readonly or writable, and specifying the profiles for which this alter change shall be applied to, are all supported, using the following syntax.

[SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]

One or more variables and profiles may be specified as shown above.

RQ.SRS-006.RBAC.Role.Alter.Effect

version: 1.0

ClickHouse SHALL alter the abilities granted by the role from all the users to which the role was assigned after the successful execution of the ALTER ROLE statement. Operations in progress SHALL be allowed to complete as is, but any new operation that requires the privileges that not otherwise granted to the user SHALL fail.

RQ.SRS-006.RBAC.Role.Alter.Syntax

version: 1.0

ALTER ROLE [IF EXISTS] name [ON CLUSTER cluster_name]
    [RENAME TO new_name]
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | PROFILE 'profile_name'] [,...]
RQ.SRS-006.RBAC.Role.Drop

version: 1.0

ClickHouse SHALL support removing one or more roles using DROP ROLE statement.

RQ.SRS-006.RBAC.Role.Drop.IfExists

version: 1.0

ClickHouse SHALL support using IF EXISTS clause in the DROP ROLE statement to skip raising an exception if the role does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a role does not exist.

RQ.SRS-006.RBAC.Role.Drop.Cluster

version: 1.0

ClickHouse SHALL support using ON CLUSTER clause in the DROP ROLE statement to specify the cluster from which to drop the specified role.

RQ.SRS-006.RBAC.Role.Drop.Effect

version: 1.0

ClickHouse SHALL remove the abilities granted by the role from all the users to which the role was assigned after the successful execution of the DROP ROLE statement. Operations in progress SHALL be allowed to complete but any new operation that requires the privileges that not otherwise granted to the user SHALL fail.

RQ.SRS-006.RBAC.Role.Drop.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the DROP ROLE statement

DROP ROLE [IF EXISTS] name [,...] [ON CLUSTER cluster_name]
RQ.SRS-006.RBAC.Role.ShowCreate

version: 1.0

ClickHouse SHALL support viewing the settings for a role upon creation with the SHOW CREATE ROLE statement.

RQ.SRS-006.RBAC.Role.ShowCreate.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the SHOW CREATE ROLE command.

SHOW CREATE ROLE name
RQ.SRS-006.RBAC.Grant.Privilege.To

version: 1.0

ClickHouse SHALL support granting privileges to one or more users or roles using TO clause in the GRANT PRIVILEGE statement.

RQ.SRS-006.RBAC.Grant.Privilege.To.Effect

version: 1.0

ClickHouse SHALL grant privileges to any set of users and/or roles specified in the TO clause of the grant statement. Any new operation by one of the specified users or roles with the granted privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.ToCurrentUser

version: 1.0

ClickHouse SHALL support granting privileges to current user using TO CURRENT_USER clause in the GRANT PRIVILEGE statement.

RQ.SRS-006.RBAC.Grant.Privilege.Select

version: 1.0

ClickHouse SHALL support granting the select privilege to one or more users or roles for a database or a table using the GRANT SELECT statement.

RQ.SRS-006.RBAC.Grant.Privilege.Select.Effect

version: 1.0

ClickHouse SHALL add the select privilege to the specified users or roles after the successful execution of the GRANT SELECT statement. Any new operation by a user or a user that has the specified role which requires the select privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.SelectColumns

version: 1.0

ClickHouse SHALL support granting the select columns privilege to one or more users or roles for a database or a table using the GRANT SELECT(columns) statement.

RQ.SRS-006.RBAC.Grant.Privilege.SelectColumns.Effect

version: 1.0

ClickHouse SHALL add the select columns privilege to the specified users or roles after the successful execution of the GRANT SELECT(columns) statement. Any new operation by a user or a user that has the specified role which requires the select columns privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Insert

version: 1.0

ClickHouse SHALL support granting the insert privilege to one or more users or roles for a database or a table using the GRANT INSERT statement. When the insert privilege is granted to the specified users or roles after the successful execution of the GRANT INSERT statement, any new operation by a user or a user that has the specified role which requires the insert privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Alter

version: 1.0

ClickHouse SHALL support granting the alter privilege to one or more users or roles for a database or a table using the GRANT ALTER statement.

RQ.SRS-006.RBAC.Grant.Privilege.Alter.Effect

version: 1.0

ClickHouse SHALL add the alter privilege to the specified users or roles after the successful execution of the GRANT ALTER statement. Any new operation by a user or a user that has the specified role which requires the alter privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Create

version: 1.0

ClickHouse SHALL support granting the create privilege to one or more users or roles for a database or a table using the GRANT CREATE statement.

RQ.SRS-006.RBAC.Grant.Privilege.Create.Effect

version: 1.0

ClickHouse SHALL add the create privilege to the specified users or roles after the successful execution of the GRANT CREATE statement. Any new operation by a user or a user that has the specified role which requires the create privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Drop

version: 1.0

ClickHouse SHALL support granting the drop privilege to one or more users or roles for a database or a table using the GRANT DROP statement.

RQ.SRS-006.RBAC.Grant.Privilege.Drop.Effect

version: 1.0

ClickHouse SHALL add the drop privilege to the specified users or roles after the successful execution of the GRANT DROP statement. Any new operation by a user or a user that has the specified role which requires the drop privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Truncate

version: 1.0

ClickHouse SHALL support granting the truncate privilege to one or more users or roles for a database or a table using GRANT TRUNCATE statement.

RQ.SRS-006.RBAC.Grant.Privilege.Truncate.Effect

version: 1.0

ClickHouse SHALL add the truncate privilege to the specified users or roles after the successful execution of the GRANT TRUNCATE statement. Any new operation by a user or a user that has the specified role which requires the truncate privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Optimize

version: 1.0

ClickHouse SHALL support granting the optimize privilege to one or more users or roles for a database or a table using GRANT OPTIMIZE statement.

RQ.SRS-006.RBAC.Grant.Privilege.Optimize.Effect

version: 1.0

ClickHouse SHALL add the optimize privilege to the specified users or roles after the successful execution of the GRANT OPTIMIZE statement. Any new operation by a user or a user that has the specified role which requires the optimize privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Show

version: 1.0

ClickHouse SHALL support granting the show privilege to one or more users or roles for a database or a table using GRANT SHOW statement.

RQ.SRS-006.RBAC.Grant.Privilege.Show.Effect

version: 1.0

ClickHouse SHALL add the show privilege to the specified users or roles after the successful execution of the GRANT SHOW statement. Any new operation by a user or a user that has the specified role which requires the show privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.KillQuery

version: 1.0

ClickHouse SHALL support granting the kill query privilege to one or more users or roles for a database or a table using GRANT KILL QUERY statement.

RQ.SRS-006.RBAC.Grant.Privilege.KillQuery.Effect

version: 1.0

ClickHouse SHALL add the kill query privilege to the specified users or roles after the successful execution of the GRANT KILL QUERY statement. Any new operation by a user or a user that has the specified role which requires the kill query privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.AccessManagement

version: 1.0

ClickHouse SHALL support granting the access management privileges to one or more users or roles for a database or a table using GRANT ACCESS MANAGEMENT statement.

RQ.SRS-006.RBAC.Grant.Privilege.AccessManagement.Effect

version: 1.0

ClickHouse SHALL add the access management privileges to the specified users or roles after the successful execution of the GRANT ACCESS MANAGEMENT statement. Any new operation by a user or a user that has the specified role which requires the access management privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.System

version: 1.0

ClickHouse SHALL support granting the system privileges to one or more users or roles for a database or a table using GRANT SYSTEM statement.

RQ.SRS-006.RBAC.Grant.Privilege.System.Effect

version: 1.0

ClickHouse SHALL add the system privileges to the specified users or roles after the successful execution of the GRANT SYSTEM statement. Any new operation by a user or a user that has the specified role which requires the system privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Introspection

version: 1.0

ClickHouse SHALL support granting the introspection privileges to one or more users or roles for a database or a table using GRANT INTROSPECTION statement.

RQ.SRS-006.RBAC.Grant.Privilege.Introspection.Effect

version: 1.0

ClickHouse SHALL add the introspection privileges to the specified users or roles after the successful execution of the GRANT INTROSPECTION statement. Any new operation by a user or a user that has the specified role which requires the introspection privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.Sources

version: 1.0

ClickHouse SHALL support granting the sources privileges to one or more users or roles for a database or a table using GRANT SOURCES statement.

RQ.SRS-006.RBAC.Grant.Privilege.Sources.Effect

version: 1.0

ClickHouse SHALL add the sources privileges to the specified users or roles after the successful execution of the GRANT SOURCES statement. Any new operation by a user or a user that has the specified role which requires the sources privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.DictGet

version: 1.0

ClickHouse SHALL support granting the dictGet privilege to one or more users or roles for a database or a table using GRANT dictGet statement.

RQ.SRS-006.RBAC.Grant.Privilege.DictGet.Effect

version: 1.0

ClickHouse SHALL add the dictGet privileges to the specified users or roles after the successful execution of the GRANT dictGet statement. Any new operation by a user or a user that has the specified role which requires the dictGet privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.None

version: 1.0

ClickHouse SHALL support granting no privileges to one or more users or roles for a database or a table using GRANT NONE statement.

RQ.SRS-006.RBAC.Grant.Privilege.None.Effect

version: 1.0

ClickHouse SHALL add no privileges to the specified users or roles after the successful execution of the GRANT NONE statement. Any new operation by a user or a user that has the specified role which requires no privileges SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.All

version: 1.0

ClickHouse SHALL support granting the all privileges to one or more users or roles for a database or a table using the GRANT ALL or GRANT ALL PRIVILEGES statements.

RQ.SRS-006.RBAC.Grant.Privilege.All.Effect

version: 1.0

ClickHouse SHALL add the all privileges to the specified users or roles after the successful execution of the GRANT ALL or GRANT ALL PRIVILEGES statement. Any new operation by a user or a user that has the specified role which requires one or more privileges that are part of the all privileges SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.GrantOption

version: 1.0

ClickHouse SHALL support granting the grant option privilege to one or more users or roles for a database or a table using the WITH GRANT OPTION clause in the GRANT statement.

RQ.SRS-006.RBAC.Grant.Privilege.GrantOption.Effect

version: 1.0

ClickHouse SHALL add the grant option privilege to the specified users or roles after the successful execution of the GRANT statement with the WITH GRANT OPTION clause for the privilege that was specified in the statement. Any new GRANT statements executed by a user or a user that has the specified role which requires grant option for the privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.On

version: 1.0

ClickHouse SHALL support the ON clause in the GRANT privilege statement which SHALL allow to specify one or more tables to which the privilege SHALL be granted using the following patterns

  • *.* any table in any database
  • database.* any table in the specified database
  • database.table specific table in the specified database
  • * any table in the current database
  • table specific table in the current database
RQ.SRS-006.RBAC.Grant.Privilege.On.Effect

version: 1.0

ClickHouse SHALL grant privilege on a table specified in the ON clause. Any new operation by user or role with privilege on the granted table SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.PrivilegeColumns

version: 1.0

ClickHouse SHALL support granting the privilege some_privilege to one or more users or roles for a database or a table using the GRANT some_privilege(column) statement for one column. Multiple columns will be supported with GRANT some_privilege(column1, column2...) statement. The privileges will be granted for only the specified columns.

RQ.SRS-006.RBAC.Grant.Privilege.PrivilegeColumns.Effect

version: 1.0

ClickHouse SHALL grant the privilege some_privilege to the specified users or roles after the successful execution of the GRANT some_privilege(column) statement for the specified column. Granting of the privilege some_privilege over multiple columns SHALL happen after the successful execution of the GRANT some_privilege(column1, column2...) statement. Any new operation by a user or a user that had the specified role which requires the privilege some_privilege over specified columns SHALL succeed.

RQ.SRS-006.RBAC.Grant.Privilege.OnCluster

version: 1.0

ClickHouse SHALL support specifying cluster on which to grant privileges using the ON CLUSTER clause in the GRANT PRIVILEGE statement.

RQ.SRS-006.RBAC.Grant.Privilege.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the GRANT statement that grants explicit privileges to a user or a role.

GRANT [ON CLUSTER cluster_name]
    privilege {SELECT | SELECT(columns) | INSERT | ALTER | CREATE | DROP | TRUNCATE | OPTIMIZE | SHOW | KILL QUERY | ACCESS MANAGEMENT | SYSTEM | INTROSPECTION | SOURCES | dictGet | NONE |ALL       [PRIVILEGES]} [, ...]
    ON {*.* | database.* | database.table | * | table}
    TO {user | role | CURRENT_USER} [,...]
    [WITH GRANT OPTION]
RQ.SRS-006.RBAC.Revoke.Privilege.Cluster

version: 1.0

ClickHouse SHALL support revoking privileges to one or more users or roles for a database or a table on some specific cluster using the REVOKE ON CLUSTER cluster_name statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Cluster.Effect

version: 1.0

ClickHouse SHALL remove some privilege from the specified users or roles on cluster cluster_name after the successful execution of the REVOKE ON CLUSTER cluster_name some_privilege statement. Any new operation by a user or a user that had the specified role which requires that privilege on cluster cluster_name SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Any

version: 1.0

ClickHouse SHALL support revoking ANY privilege to one or more users or roles for a database or a table using the REVOKE some_privilege statement. some_privilege refers to any Clickhouse defined privilege, whose hierarchy includes SELECT, INSERT, ALTER, CREATE, DROP, TRUNCATE, OPTIMIZE, SHOW, KILL QUERY, ACCESS MANAGEMENT, SYSTEM, INTROSPECTION, SOURCES, dictGet and all of their sub-privileges.

RQ.SRS-006.RBAC.Revoke.Privilege.Any.Effect

version: 1.0

ClickHouse SHALL remove the some_privilege privilege from the specified users or roles after the successful execution of the REVOKE some_privilege statement. Any new operation by a user or a user that had the specified role which requires the privilege some_privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Select

version: 1.0

ClickHouse SHALL support revoking the select privilege to one or more users or roles for a database or a table using the REVOKE SELECT statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Select.Effect

version: 1.0

ClickHouse SHALL remove the select privilege from the specified users or roles after the successful execution of the REVOKE SELECT statement. Any new operation by a user or a user that had the specified role which requires the select privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Insert

version: 1.0

ClickHouse SHALL support revoking the insert privilege to one or more users or roles for a database or a table using the REVOKE INSERT statement. When the insert privilege is removed from the specified users or roles after the successful execution of the REVOKE INSERT statement, any new operation by a user or a user that had the specified role which requires the insert privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Alter

version: 1.0

ClickHouse SHALL support revoking the alter privilege to one or more users or roles for a database or a table using the REVOKE ALTER statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Alter.Effect

version: 1.0

ClickHouse SHALL remove the alter privilege from the specified users or roles after the successful execution of the REVOKE ALTER statement. Any new operation by a user or a user that had the specified role which requires the alter privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Create

version: 1.0

ClickHouse SHALL support revoking the create privilege to one or more users or roles for a database or a table using the REVOKE CREATE statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Create.Effect

version: 1.0

ClickHouse SHALL remove the create privilege from the specified users or roles after the successful execution of the REVOKE CREATE statement. Any new operation by a user or a user that had the specified role which requires the create privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Drop

version: 1.0

ClickHouse SHALL support revoking the drop privilege to one or more users or roles for a database or a table using the REVOKE DROP statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Drop.Effect

version: 1.0

ClickHouse SHALL remove the drop privilege from the specified users or roles after the successful execution of the REVOKE DROP statement. Any new operation by a user or a user that had the specified role which requires the drop privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Truncate

version: 1.0

ClickHouse SHALL support revoking the truncate privilege to one or more users or roles for a database or a table using the REVOKE TRUNCATE statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Truncate.Effect

version: 1.0

ClickHouse SHALL remove the truncate privilege from the specified users or roles after the successful execution of the REVOKE TRUNCATE statement. Any new operation by a user or a user that had the specified role which requires the truncate privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Optimize

version: 1.0

ClickHouse SHALL support revoking the optimize privilege to one or more users or roles for a database or a table using the REVOKE OPTIMIZE statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Optimize.Effect

version: 1.0

ClickHouse SHALL remove the optimize privilege from the specified users or roles after the successful execution of the REVOKE OPTMIZE statement. Any new operation by a user or a user that had the specified role which requires the optimize privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Show

version: 1.0

ClickHouse SHALL support revoking the show privilege to one or more users or roles for a database or a table using the REVOKE SHOW statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Show.Effect

version: 1.0

ClickHouse SHALL remove the show privilege from the specified users or roles after the successful execution of the REVOKE SHOW statement. Any new operation by a user or a user that had the specified role which requires the show privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.KillQuery

version: 1.0

ClickHouse SHALL support revoking the kill query privilege to one or more users or roles for a database or a table using the REVOKE KILL QUERY statement.

RQ.SRS-006.RBAC.Revoke.Privilege.KillQuery.Effect

version: 1.0

ClickHouse SHALL remove the kill query privilege from the specified users or roles after the successful execution of the REVOKE KILL QUERY statement. Any new operation by a user or a user that had the specified role which requires the kill query privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.AccessManagement

version: 1.0

ClickHouse SHALL support revoking the access management privilege to one or more users or roles for a database or a table using the REVOKE ACCESS MANAGEMENT statement.

RQ.SRS-006.RBAC.Revoke.Privilege.AccessManagement.Effect

version: 1.0

ClickHouse SHALL remove the access management privilege from the specified users or roles after the successful execution of the REVOKE ACCESS MANAGEMENT statement. Any new operation by a user or a user that had the specified role which requires the access management privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.System

version: 1.0

ClickHouse SHALL support revoking the system privilege to one or more users or roles for a database or a table using the REVOKE SYSTEM statement.

RQ.SRS-006.RBAC.Revoke.Privilege.System.Effect

version: 1.0

ClickHouse SHALL remove the system privilege from the specified users or roles after the successful execution of the REVOKE SYSTEM statement. Any new operation by a user or a user that had the specified role which requires the system privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Introspection

version: 1.0

ClickHouse SHALL support revoking the introspection privilege to one or more users or roles for a database or a table using the REVOKE INTROSPECTION statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Introspection.Effect

version: 1.0

ClickHouse SHALL remove the introspection privilege from the specified users or roles after the successful execution of the REVOKE INTROSPECTION statement. Any new operation by a user or a user that had the specified role which requires the introspection privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Sources

version: 1.0

ClickHouse SHALL support revoking the sources privilege to one or more users or roles for a database or a table using the REVOKE SOURCES statement.

RQ.SRS-006.RBAC.Revoke.Privilege.Sources.Effect

version: 1.0

ClickHouse SHALL remove the sources privilege from the specified users or roles after the successful execution of the REVOKE SOURCES statement. Any new operation by a user or a user that had the specified role which requires the sources privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.DictGet

version: 1.0

ClickHouse SHALL support revoking the dictGet privilege to one or more users or roles for a database or a table using the REVOKE dictGet statement.

RQ.SRS-006.RBAC.Revoke.Privilege.DictGet.Effect

version: 1.0

ClickHouse SHALL remove the dictGet privilege from the specified users or roles after the successful execution of the REVOKE dictGet statement. Any new operation by a user or a user that had the specified role which requires the dictGet privilege SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.PrivelegeColumns

version: 1.0

ClickHouse SHALL support revoking the privilege some_privilege to one or more users or roles for a database or a table using the REVOKE some_privilege(column) statement for one column. Multiple columns will be supported with REVOKE some_privilege(column1, column2...) statement. The privileges will be revoked for only the specified columns.

RQ.SRS-006.RBAC.Revoke.Privilege.PrivelegeColumns.Effect

version: 1.0

ClickHouse SHALL remove the privilege some_privilege from the specified users or roles after the successful execution of the REVOKE some_privilege(column) statement for the specified column. Removal of the privilege some_privilege over multiple columns SHALL happen after the successful execution of the REVOKE some_privilege(column1, column2...) statement. Any new operation by a user or a user that had the specified role which requires the privilege some_privilege over specified SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.Multiple

version: 1.0

ClickHouse SHALL support revoking MULTIPLE privileges to one or more users or roles for a database or a table using the REVOKE privilege1, privilege2... statement. privileges refers to any set of Clickhouse defined privilege, whose hierarchy includes SELECT, INSERT, ALTER, CREATE, DROP, TRUNCATE, OPTIMIZE, SHOW, KILL QUERY, ACCESS MANAGEMENT, SYSTEM, INTROSPECTION, SOURCES, dictGet and all of their sub-privileges.

RQ.SRS-006.RBAC.Revoke.Privilege.Multiple.Effect

version: 1.0

ClickHouse SHALL remove the privileges from the specified users or roles after the successful execution of the REVOKE privilege1, privilege2... statement. Any new operation by a user or a user that had the specified role which requires any of the privileges SHALL fail if user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Privilege.All

version: 1.0

ClickHouse SHALL support revoking all privileges to one or more users or roles for a database or a table using the REVOKE ALL or REVOKE ALL PRIVILEGES statements.

RQ.SRS-006.RBAC.Revoke.Privilege.All.Effect

version: 1.0

ClickHouse SHALL remove all privileges from the specified users or roles after the successful execution of the REVOKE ALL or REVOKE ALL PRIVILEGES statement. Any new operation by a user or a user that had the specified role which requires one or more privileges that are part of all privileges SHALL fail.

RQ.SRS-006.RBAC.Revoke.Privilege.None

version: 1.0

ClickHouse SHALL support revoking no privileges to one or more users or roles for a database or a table using the REVOKE NONE statement.

RQ.SRS-006.RBAC.Revoke.Privilege.None.Effect

version: 1.0

ClickHouse SHALL remove no privileges from the specified users or roles after the successful execution of the REVOKE NONE statement. Any new operation by a user or a user that had the specified role shall have the same effect after this command as it did before this command.

RQ.SRS-006.RBAC.Revoke.Privilege.On

version: 1.0

ClickHouse SHALL support the ON clause in the REVOKE privilege statement which SHALL allow to specify one or more tables to which the privilege SHALL be revoked using the following patterns

  • db.table specific table in the specified database
  • db.* any table in the specified database
  • *.* any table in any database
  • table specific table in the current database
  • * any table in the current database
RQ.SRS-006.RBAC.Revoke.Privilege.On.Effect

version: 1.0

ClickHouse SHALL remove the specificed priviliges from the specified one or more tables indicated with the ON clause in the REVOKE privilege statement. The tables will be indicated using the following patterns

  • db.table specific table in the specified database
  • db.* any table in the specified database
  • *.* any table in any database
  • table specific table in the current database
  • * any table in the current database

Any new operation by a user or a user that had the specified role which requires one or more privileges on the revoked tables SHALL fail.

RQ.SRS-006.RBAC.Revoke.Privilege.From

version: 1.0

ClickHouse SHALL support the FROM clause in the REVOKE privilege statement which SHALL allow to specify one or more users to which the privilege SHALL be revoked using the following patterns

  • {user | CURRENT_USER} [,...] some combination of users by name, which may include the current user
  • ALL all users
  • ALL EXCEPT {user | CURRENT_USER} [,...] the logical reverse of the first pattern
RQ.SRS-006.RBAC.Revoke.Privilege.From.Effect

version: 1.0

ClickHouse SHALL remove priviliges to any set of users specified in the FROM clause in the REVOKE privilege statement. The details of the removed privileges will be specified in the other clauses. Any new operation by one of the specified users whose privileges have been revoked SHALL fail. The patterns that expand the FROM clause are listed below

  • {user | CURRENT_USER} [,...] some combination of users by name, which may include the current user
  • ALL all users
  • ALL EXCEPT {user | CURRENT_USER} [,...] the logical reverse of the first pattern
RQ.SRS-006.RBAC.Revoke.Privilege.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the REVOKE statement that revokes explicit privileges of a user or a role.

REVOKE [ON CLUSTER cluster_name] privilege
    [(column_name [,...])] [,...]
    ON {db.table|db.*|*.*|table|*}
    FROM {user | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user | CURRENT_USER} [,...]
RQ.SRS-006.RBAC.PartialRevoke.Syntax

version: 1.0

ClickHouse SHALL support partial revokes by using partial_revokes variable that can be set or unset using the following syntax.

To disable partial revokes the partial_revokes variable SHALL be set to 0

SET partial_revokes = 0

To enable partial revokes the partial revokes variable SHALL be set to 1

SET partial_revokes = 1
RQ.SRS-006.RBAC.PartialRevoke.Effect

version: 1.0

FIXME: Need to be defined.

RQ.SRS-006.RBAC.Grant.Role

version: 1.0

ClickHouse SHALL support granting one or more roles to one or more users or roles using the GRANT role statement.

RQ.SRS-006.RBAC.Grant.Role.Effect

version: 1.0

ClickHouse SHALL add all the privileges that are assigned to the role which is granted to the user or the role to which GRANT role statement is applied. Any new operation that requires the privileges included in the role SHALL succeed.

RQ.SRS-006.RBAC.Grant.Role.CurrentUser

version: 1.0

ClickHouse SHALL support granting one or more roles to current user using TO CURRENT_USER clause in the GRANT role statement.

RQ.SRS-006.RBAC.Grant.Role.CurrentUser.Effect

version: 1.0

ClickHouse SHALL add all the privileges that are assigned to the role which is granted to the current user via the GRANT statement. Any new operation that requires the privileges included in the role SHALL succeed.

RQ.SRS-006.RBAC.Grant.Role.AdminOption

version: 1.0

ClickHouse SHALL support granting admin option privilege to one or more users or roles using the WITH ADMIN OPTION clause in the GRANT role statement.

RQ.SRS-006.RBAC.Grant.Role.AdminOption.Effect

version: 1.0

ClickHouse SHALL add the admin option privilege to the specified users or roles after the successful execution of the GRANT role statement with the WITH ADMIN OPTION clause. Any new system queries statements executed by a user or a user that has the specified role which requires the admin option privilege SHALL succeed.

RQ.SRS-006.RBAC.Grant.Role.OnCluster

version: 1.0

ClickHouse SHALL support specifying cluster on which the user is to be granted one or more roles using ON CLUSTER clause in the GRANT statement.

RQ.SRS-006.RBAC.Grant.Role.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for GRANT role statement

GRANT
    ON CLUSTER cluster_name
    role [, role ...]
    TO {user | role | CURRENT_USER} [,...]
    [WITH ADMIN OPTION]
RQ.SRS-006.RBAC.Revoke.Role

version: 1.0

ClickHouse SHALL support revoking one or more roles from one or more users or roles using the REVOKE role statement.

RQ.SRS-006.RBAC.Revoke.Role.Effect

version: 1.0

ClickHouse SHALL remove all the privileges that are assigned to the role that is being revoked from the user or the role to which the REVOKE role statement is applied. Any new operation, by the user or users that have the role which included the role being revoked, that requires the privileges included in the role SHALL fail if the user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Role.Keywords

version: 1.0

ClickHouse SHALL support revoking one or more roles from special groupings of one or more users or roles with the ALL, ALL EXCEPT, and CURRENT_USER keywords.

RQ.SRS-006.RBAC.Revoke.Role.Keywords.Effect

version: 1.0

ClickHouse SHALL remove all the privileges that are assigned to the role that is being revoked from the user or the role to which the REVOKE role statement with the specified keywords is applied. Any new operation, by the user or users that have the role which included the role being revoked, that requires the privileges included in the role SHALL fail if the user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.Role.Cluster

version: 1.0

ClickHouse SHALL support revoking one or more roles from one or more users or roles from one or more clusters using the REVOKE ON CLUSTER role statement.

RQ.SRS-006.RBAC.Revoke.Role.Cluster.Effect

version: 1.0

ClickHouse SHALL remove all the privileges that are assigned to the role that is being revoked from the user or the role from the cluster(s) to which the REVOKE ON CLUSTER role statement is applied. Any new operation, by the user or users that have the role which included the role being revoked, that requires the privileges included in the role SHALL fail if the user does not have it otherwise.

RQ.SRS-006.RBAC.Revoke.AdminOption

version: 1.0

ClickHouse SHALL support revoking admin option privilege in one or more users or roles using the ADMIN OPTION FOR clause in the REVOKE role statement.

RQ.SRS-006.RBAC.Revoke.AdminOption.Effect

version: 1.0

ClickHouse SHALL remove the admin option privilege from the specified users or roles after the successful execution of the REVOKE role statement with the ADMIN OPTION FOR clause. Any new system queries statements executed by a user or a user that has the specified role which requires the admin option privilege SHALL fail.

RQ.SRS-006.RBAC.Revoke.Role.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the REVOKE role statement

REVOKE [ON CLUSTER cluster_name] [ADMIN OPTION FOR]
    role [,...]
    FROM {user | role | CURRENT_USER} [,...] | ALL | ALL EXCEPT {user_name | role_name | CURRENT_USER} [,...]
RQ.SRS-006.RBAC.Show.Grants

version: 1.0

ClickHouse SHALL support listing all the privileges granted to current user and role using the SHOW GRANTS statement.

RQ.SRS-006.RBAC.Show.Grants.For

version: 1.0

ClickHouse SHALL support listing all the privileges granted to a user or a role using the FOR clause in the SHOW GRANTS statement.

RQ.SRS-006.RBAC.Show.Grants.Syntax

version: 1.0

Clickhouse SHALL use the following syntax for the SHOW GRANTS statement

SHOW GRANTS [FOR user_or_role]
RQ.SRS-006.RBAC.SettingsProfile.Create

version: 1.0

ClickHouse SHALL support creating settings profile using the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Effect

version: 1.0

ClickHouse SHALL use new profile after the CREATE SETTINGS PROFILE statement is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned.

RQ.SRS-006.RBAC.SettingsProfile.Create.IfNotExists

version: 1.0

ClickHouse SHALL support IF NOT EXISTS clause in the CREATE SETTINGS PROFILE statement to skip raising an exception if a settings profile with the same name already exists. If IF NOT EXISTS clause is not specified then an exception SHALL be raised if a settings profile with the same name already exists.

RQ.SRS-006.RBAC.SettingsProfile.Create.Replace

version: 1.0

ClickHouse SHALL support OR REPLACE clause in the CREATE SETTINGS PROFILE statement to replace existing settings profile if it already exists.

RQ.SRS-006.RBAC.SettingsProfile.Create.Variables

version: 1.0

ClickHouse SHALL support assigning values and constraints to one or more variables in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Variables.Value

version: 1.0

ClickHouse SHALL support assigning variable value in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Variables.Value.Effect

version: 1.0

ClickHouse SHALL use new variable values after CREATE SETTINGS PROFILE statement is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned.

RQ.SRS-006.RBAC.SettingsProfile.Create.Variables.Constraints

version: 1.0

ClickHouse SHALL support setting MIN, MAX, READONLY, and WRITABLE constraints for the variables in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Variables.Constraints.Effect

version: 1.0

ClickHouse SHALL use new variable constraints after CREATE SETTINGS PROFILE statement is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned.

RQ.SRS-006.RBAC.SettingsProfile.Create.Assignment

version: 1.0

ClickHouse SHALL support assigning settings profile to one or more users or roles in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Assignment.None

version: 1.0

ClickHouse SHALL support assigning settings profile to no users or roles using TO NONE clause in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Assignment.All

version: 1.0

ClickHouse SHALL support assigning settings profile to all current users and roles using TO ALL clause in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Assignment.AllExcept

version: 1.0

ClickHouse SHALL support excluding assignment to one or more users or roles using the ALL EXCEPT clause in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Inherit

version: 1.0

ClickHouse SHALL support inheriting profile settings from indicated profile using the INHERIT clause in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.OnCluster

version: 1.0

ClickHouse SHALL support specifying what cluster to create settings profile on using ON CLUSTER clause in the CREATE SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Create.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the CREATE SETTINGS PROFILE statement.

CREATE SETTINGS PROFILE [IF NOT EXISTS | OR REPLACE] name
    [ON CLUSTER cluster_name]
    [SET varname [= value] [MIN min] [MAX max] [READONLY|WRITABLE] | [INHERIT 'profile_name'] [,...]]
    [TO {user_or_role [,...] | NONE | ALL | ALL EXCEPT user_or_role [,...]}]
RQ.SRS-006.RBAC.SettingsProfile.Alter

version: 1.0

ClickHouse SHALL support altering settings profile using the ALTER STETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Effect

version: 1.0

ClickHouse SHALL use the updated settings profile after ALTER SETTINGS PROFILE is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned or SHALL raise an exception if the settings profile does not exist.

RQ.SRS-006.RBAC.SettingsProfile.Alter.IfExists

version: 1.0

ClickHouse SHALL support IF EXISTS clause in the ALTER SETTINGS PROFILE statement to not raise exception if a settings profile does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a settings profile does not exist.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Rename

version: 1.0

ClickHouse SHALL support renaming settings profile using the RANAME TO clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Variables

version: 1.0

ClickHouse SHALL support altering values and constraints of one or more variables in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Variables.Value

version: 1.0

ClickHouse SHALL support altering value of the variable in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Variables.Value.Effect

version: 1.0

ClickHouse SHALL use the new value of the variable after ALTER SETTINGS PROFILE is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Variables.Constraints

version: 1.0

ClickHouse SHALL support altering MIN, MAX, READONLY, and WRITABLE constraints for the variables in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Variables.Constraints.Effect

version: 1.0

ClickHouse SHALL use new constraints after ALTER SETTINGS PROFILE is successfully executed for any new operations performed by all the users and roles to which the settings profile is assigned.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment

version: 1.0

ClickHouse SHALL support reassigning settings profile to one or more users or roles using the TO clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.Effect

version: 1.0

ClickHouse SHALL unset all the variables and constraints that were defined in the settings profile in all users and roles to which the settings profile was previously assigned.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.None

version: 1.0

ClickHouse SHALL support reassigning settings profile to no users or roles using the TO NONE clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.All

version: 1.0

ClickHouse SHALL support reassigning settings profile to all current users and roles using the TO ALL clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.AllExcept

version: 1.0

ClickHouse SHALL support excluding assignment to one or more users or roles using the TO ALL EXCEPT clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.Inherit

version: 1.0

ClickHouse SHALL support altering the settings profile by inheriting settings from specified profile using INHERIT clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Assignment.OnCluster

version: 1.0

ClickHouse SHALL support altering the settings profile on a specified cluster using ON CLUSTER clause in the ALTER SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Alter.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the ALTER SETTINGS PROFILE statement.

ALTER SETTINGS PROFILE [IF EXISTS] name
    [ON CLUSTER cluster_name]
    [RENAME TO new_name]
    [SETTINGS variable [= value] [MIN [=] min_value] [MAX [=] max_value] [READONLY|WRITABLE] | INHERIT 'profile_name'] [,...]
    [TO {user_or_role [,...] | NONE | ALL | ALL EXCEPT user_or_role [,...]]}
RQ.SRS-006.RBAC.SettingsProfile.Drop

version: 1.0

ClickHouse SHALL support removing one or more settings profiles using the DROP SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Drop.Effect

version: 1.0

ClickHouse SHALL unset all the variables and constraints that were defined in the settings profile in all the users and roles to which the settings profile was assigned.

RQ.SRS-006.RBAC.SettingsProfile.Drop.IfExists

version: 1.0

ClickHouse SHALL support using IF EXISTS clause in the DROP SETTINGS PROFILE statement to skip raising an exception if the settings profile does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a settings profile does not exist.

RQ.SRS-006.RBAC.SettingsProfile.Drop.OnCluster

version: 1.0

ClickHouse SHALL support dropping one or more settings profiles on specified cluster using ON CLUSTER clause in the DROP SETTINGS PROFILE statement.

RQ.SRS-006.RBAC.SettingsProfile.Drop.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the DROP SETTINGS PROFILE statement

DROP SETTINGS PROFILE [IF EXISTS] name [,name,...]
RQ.SRS-006.RBAC.SettingsProfile.ShowCreateSettingsProfile

version: 1.0

ClickHouse SHALL support showing the CREATE SETTINGS PROFILE statement used to create the settings profile using the SHOW CREATE SETTINGS PROFILE statement with the following syntax

SHOW CREATE SETTINGS PROFILE name
RQ.SRS-006.RBAC.Quota.Create

version: 1.0

ClickHouse SHALL support creating quotas using the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Effect

version: 1.0

ClickHouse SHALL use new limits specified by the quota after the CREATE QUOTA statement is successfully executed for any new operations performed by all the users and roles to which the quota is assigned.

RQ.SRS-006.RBAC.Quota.Create.IfNotExists

version: 1.0

ClickHouse SHALL support IF NOT EXISTS clause in the CREATE QUOTA statement to skip raising an exception if a quota with the same name already exists. If IF NOT EXISTS clause is not specified then an exception SHALL be raised if a quota with the same name already exists.

RQ.SRS-006.RBAC.Quota.Create.Replace

version: 1.0

ClickHouse SHALL support OR REPLACE clause in the CREATE QUOTA statement to replace existing quota if it already exists.

RQ.SRS-006.RBAC.Quota.Create.Cluster

version: 1.0

ClickHouse SHALL support creating quotas on a specific cluster with the ON CLUSTER clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Interval

version: 1.0

ClickHouse SHALL support defining the quota interval that specifies a period of time over for which the quota SHALL apply using the FOR INTERVAL clause in the CREATE QUOTA statement.

This statement SHALL also support a number and a time period which will be one of {SECOND | MINUTE | HOUR | DAY | MONTH}. Thus, the complete syntax SHALL be:

FOR INTERVAL number {SECOND | MINUTE | HOUR | DAY} where number is some real number to define the interval.

RQ.SRS-006.RBAC.Quota.Create.Interval.Randomized

version: 1.0

ClickHouse SHALL support defining the quota randomized interval that specifies a period of time over for which the quota SHALL apply using the FOR RANDOMIZED INTERVAL clause in the CREATE QUOTA statement.

This statement SHALL also support a number and a time period which will be one of {SECOND | MINUTE | HOUR | DAY | MONTH}. Thus, the complete syntax SHALL be:

FOR [RANDOMIZED] INTERVAL number {SECOND | MINUTE | HOUR | DAY} where number is some real number to define the interval.

RQ.SRS-006.RBAC.Quota.Create.Queries

version: 1.0

ClickHouse SHALL support limiting number of requests over a period of time using the QUERIES clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Errors

version: 1.0

ClickHouse SHALL support limiting number of queries that threw an exception using the ERRORS clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.ResultRows

version: 1.0

ClickHouse SHALL support limiting the total number of rows given as the result using the RESULT ROWS clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.ReadRows

version: 1.0

ClickHouse SHALL support limiting the total number of source rows read from tables for running the query on all remote servers using the READ ROWS clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.ResultBytes

version: 1.0

ClickHouse SHALL support limiting the total number of bytes that can be returned as the result using the RESULT BYTES clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.ReadBytes

version: 1.0

ClickHouse SHALL support limiting the total number of source bytes read from tables for running the query on all remote servers using the READ BYTES clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.ExecutionTime

version: 1.0

ClickHouse SHALL support limiting the maximum query execution time using the EXECUTION TIME clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.NoLimits

version: 1.0

ClickHouse SHALL support limiting the maximum query execution time using the NO LIMITS clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.TrackingOnly

version: 1.0

ClickHouse SHALL support limiting the maximum query execution time using the TRACKING ONLY clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.KeyedBy

version: 1.0

ClickHouse SHALL support to track quota for some key following the KEYED BY clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.KeyedByOptions

version: 1.0

ClickHouse SHALL support to track quota separately for some parameter using the KEYED BY 'parameter' clause in the CREATE QUOTA statement.

'parameter' can be one of: {'none' | 'user name' | 'ip address' | 'client key' | 'client key or user name' | 'client key or ip address'}

RQ.SRS-006.RBAC.Quota.Create.Assignment

version: 1.0

ClickHouse SHALL support assigning quota to one or more users or roles using the TO clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Assignment.None

version: 1.0

ClickHouse SHALL support assigning quota to no users or roles using TO NONE clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Assignment.All

version: 1.0

ClickHouse SHALL support assigning quota to all current users and roles using TO ALL clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Assignment.Except

version: 1.0

ClickHouse SHALL support excluding assignment of quota to one or more users or roles using the EXCEPT clause in the CREATE QUOTA statement.

RQ.SRS-006.RBAC.Quota.Create.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the CREATE QUOTA statement

CREATE QUOTA [IF NOT EXISTS | OR REPLACE] name [ON CLUSTER cluster_name]
    [KEYED BY {'none' | 'user name' | 'ip address' | 'client key' | 'client key or user name' | 'client key or ip address'}]
    [FOR [RANDOMIZED] INTERVAL number {SECOND | MINUTE | HOUR | DAY}
        {MAX { {QUERIES | ERRORS | RESULT ROWS | RESULT BYTES | READ ROWS | READ BYTES | EXECUTION TIME} = number } [,...] |
         NO LIMITS | TRACKING ONLY} [,...]]
    [TO {role [,...] | ALL | ALL EXCEPT role [,...]}]
RQ.SRS-006.RBAC.Quota.Alter

version: 1.0

ClickHouse SHALL support altering quotas using the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Effect

version: 1.0

ClickHouse SHALL use new limits specified by the updated quota after the ALTER QUOTA statement is successfully executed for any new operations performed by all the users and roles to which the quota is assigned.

RQ.SRS-006.RBAC.Quota.Alter.IfExists

version: 1.0

ClickHouse SHALL support IF EXISTS clause in the ALTER QUOTA statement to skip raising an exception if a quota does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a quota does not exist.

RQ.SRS-006.RBAC.Quota.Alter.Rename

version: 1.0

ClickHouse SHALL support RENAME TO clause in the ALTER QUOTA statement to rename the quota to the specified name.

RQ.SRS-006.RBAC.Quota.Alter.Cluster

version: 1.0

ClickHouse SHALL support altering quotas on a specific cluster with the ON CLUSTER clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Interval

version: 1.0

ClickHouse SHALL support redefining the quota interval that specifies a period of time over for which the quota SHALL apply using the FOR INTERVAL clause in the ALTER QUOTA statement.

This statement SHALL also support a number and a time period which will be one of {SECOND | MINUTE | HOUR | DAY | MONTH}. Thus, the complete syntax SHALL be:

FOR INTERVAL number {SECOND | MINUTE | HOUR | DAY} where number is some real number to define the interval.

RQ.SRS-006.RBAC.Quota.Alter.Interval.Randomized

version: 1.0

ClickHouse SHALL support redefining the quota randomized interval that specifies a period of time over for which the quota SHALL apply using the FOR RANDOMIZED INTERVAL clause in the ALTER QUOTA statement.

This statement SHALL also support a number and a time period which will be one of {SECOND | MINUTE | HOUR | DAY | MONTH}. Thus, the complete syntax SHALL be:

FOR [RANDOMIZED] INTERVAL number {SECOND | MINUTE | HOUR | DAY} where number is some real number to define the interval.

RQ.SRS-006.RBAC.Quota.Alter.Queries

version: 1.0

ClickHouse SHALL support altering the limit of number of requests over a period of time using the QUERIES clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Errors

version: 1.0

ClickHouse SHALL support altering the limit of number of queries that threw an exception using the ERRORS clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.ResultRows

version: 1.0

ClickHouse SHALL support altering the limit of the total number of rows given as the result using the RESULT ROWS clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.ReadRows

version: 1.0

ClickHouse SHALL support altering the limit of the total number of source rows read from tables for running the query on all remote servers using the READ ROWS clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.ALter.ResultBytes

version: 1.0

ClickHouse SHALL support altering the limit of the total number of bytes that can be returned as the result using the RESULT BYTES clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.ReadBytes

version: 1.0

ClickHouse SHALL support altering the limit of the total number of source bytes read from tables for running the query on all remote servers using the READ BYTES clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.ExecutionTime

version: 1.0

ClickHouse SHALL support altering the limit of the maximum query execution time using the EXECUTION TIME clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.NoLimits

version: 1.0

ClickHouse SHALL support limiting the maximum query execution time using the NO LIMITS clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.TrackingOnly

version: 1.0

ClickHouse SHALL support limiting the maximum query execution time using the TRACKING ONLY clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.KeyedBy

version: 1.0

ClickHouse SHALL support altering quota to track quota separately for some key following the KEYED BY clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.KeyedByOptions

version: 1.0

ClickHouse SHALL support altering quota to track quota separately for some parameter using the KEYED BY 'parameter' clause in the ALTER QUOTA statement.

'parameter' can be one of: {'none' | 'user name' | 'ip address' | 'client key' | 'client key or user name' | 'client key or ip address'}

RQ.SRS-006.RBAC.Quota.Alter.Assignment

version: 1.0

ClickHouse SHALL support reassigning quota to one or more users or roles using the TO clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Assignment.None

version: 1.0

ClickHouse SHALL support reassigning quota to no users or roles using TO NONE clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Assignment.All

version: 1.0

ClickHouse SHALL support reassigning quota to all current users and roles using TO ALL clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Assignment.Except

version: 1.0

ClickHouse SHALL support excluding assignment of quota to one or more users or roles using the EXCEPT clause in the ALTER QUOTA statement.

RQ.SRS-006.RBAC.Quota.Alter.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the ALTER QUOTA statement

ALTER QUOTA [IF EXIST] name
    {{{QUERIES | ERRORS | RESULT ROWS | READ ROWS | RESULT BYTES | READ BYTES | EXECUTION TIME} number} [, ...] FOR INTERVAL number time_unit} [, ...]
    [KEYED BY USERNAME | KEYED BY IP | NOT KEYED] [ALLOW CUSTOM KEY | DISALLOW CUSTOM KEY]
    [TO {user_or_role [,...] | NONE | ALL} [EXCEPT user_or_role [,...]]]
RQ.SRS-006.RBAC.Quota.Drop

version: 1.0

ClickHouse SHALL support removing one or more quotas using the DROP QUOTA statement.

RQ.SRS-006.RBAC.Quota.Drop.Effect

version: 1.0

ClickHouse SHALL unset all the limits that were defined in the quota in all the users and roles to which the quota was assigned.

RQ.SRS-006.RBAC.Quota.Drop.IfExists

version: 1.0

ClickHouse SHALL support using IF EXISTS clause in the DROP QUOTA statement to skip raising an exception when the quota does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if the quota does not exist.

RQ.SRS-006.RBAC.Quota.Drop.Cluster

version: 1.0

ClickHouse SHALL support using ON CLUSTER clause in the DROP QUOTA statement to indicate the cluster the quota to be dropped is located on.

RQ.SRS-006.RBAC.Quota.Drop.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the DROP QUOTA statement

DROP QUOTA [IF EXISTS] name [,name...]
RQ.SRS-006.RBAC.Quota.ShowQuotas

version: 1.0

ClickHouse SHALL support showing all of the current quotas using the SHOW QUOTAS statement with the following syntax

RQ.SRS-006.RBAC.Quota.ShowQuotas.IntoOutfile

version: 1.0

ClickHouse SHALL support the INTO OUTFILE clause in the SHOW QUOTAS statement to define an outfile by some given string literal.

RQ.SRS-006.RBAC.Quota.ShowQuotas.Format

version: 1.0

ClickHouse SHALL support the FORMAT clause in the SHOW QUOTAS statement to define a format for the output quota list.

The types of valid formats are many, listed in output column: https://clickhouse.tech/docs/en/interfaces/formats/

RQ.SRS-006.RBAC.Quota.ShowQuotas.Settings

version: 1.0

ClickHouse SHALL support the SETTINGS clause in the SHOW QUOTAS statement to define settings in the showing of all quotas.

RQ.SRS-006.RBAC.Quota.ShowQuotas.Syntax

version: 1.0

ClickHouse SHALL support using the SHOW QUOTAS statement with the following syntax

SHOW QUOTAS
RQ.SRS-006.RBAC.Quota.ShowCreateQuota.Name

version: 1.0

ClickHouse SHALL support showing the CREATE QUOTA statement used to create the quota with some given name using the SHOW CREATE QUOTA statement with the following syntax

SHOW CREATE QUOTA name
RQ.SRS-006.RBAC.Quota.ShowCreateQuota.Current

version: 1.0

ClickHouse SHALL support showing the CREATE QUOTA statement used to create the CURRENT quota using the SHOW CREATE QUOTA CURRENT statement or the shorthand form SHOW CREATE QUOTA

RQ.SRS-006.RBAC.Quota.ShowCreateQuota.Syntax

version: 1.0

ClickHouse SHALL support the following syntax when using the SHOW CREATE QUOTA statement.

SHOW CREATE QUOTA [name | CURRENT]
RQ.SRS-006.RBAC.RowPolicy.Create

version: 1.0

ClickHouse SHALL support creating row policy using the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Effect

version: 1.0

ClickHouse SHALL use the new row policy to control access to the specified table after the CREATE ROW POLICY statement is successfully executed for any new operations on the table performed by all the users and roles to which the row policy is assigned.

RQ.SRS-006.RBAC.RowPolicy.Create.IfNotExists

version: 1.0

ClickHouse SHALL support IF NOT EXISTS clause in the CREATE ROW POLICY statement to skip raising an exception if a row policy with the same name already exists. If the IF NOT EXISTS clause is not specified then an exception SHALL be raised if a row policy with the same name already exists.

RQ.SRS-006.RBAC.RowPolicy.Create.Replace

version: 1.0

ClickHouse SHALL support OR REPLACE clause in the CREATE ROW POLICY statement to replace existing row policy if it already exists.

RQ.SRS-006.RBAC.RowPolicy.Create.OnCluster

version: 1.0

ClickHouse SHALL support specifying cluster on which to create the role policy using the ON CLUSTER clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.On

version: 1.0

ClickHouse SHALL support specifying table on which to create the role policy using the ON clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Access

version: 1.0

ClickHouse SHALL support allowing or restricting access to rows using the AS clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Access.Permissive

version: 1.0

ClickHouse SHALL support allowing access to rows using the AS PERMISSIVE clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Access.Restrictive

version: 1.0

ClickHouse SHALL support restricting access to rows using the AS RESTRICTIVE clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.ForSelect

version: 1.0

ClickHouse SHALL support specifying which rows are affected using the FOR SELECT clause in the CREATE ROW POLICY statement. REQUIRES CONFIRMATION

RQ.SRS-006.RBAC.RowPolicy.Create.Condition

version: 1.0

ClickHouse SHALL support specifying a condition that that can be any SQL expression which returns a boolean using the USING clause in the CREATE ROW POLOCY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Condition.Effect

version: 1.0

ClickHouse SHALL check the condition specified in the row policy using the USING clause in the CREATE ROW POLICY statement. The users or roles to which the row policy is assigned SHALL only see data for which the condition evaluates to the boolean value of true.

RQ.SRS-006.RBAC.RowPolicy.Create.Assignment

version: 1.0

ClickHouse SHALL support assigning row policy to one or more users or roles using the TO clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Assignment.None

version: 1.0

ClickHouse SHALL support assigning row policy to no users or roles using the TO NONE clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Assignment.All

version: 1.0

ClickHouse SHALL support assigning row policy to all current users and roles using TO ALL clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Assignment.AllExcept

version: 1.0

ClickHouse SHALL support excluding assignment of row policy to one or more users or roles using the ALL EXCEPT clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Create.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the CRETE ROW POLICY statement

CREATE [ROW] POLICY [IF NOT EXISTS | OR REPLACE] policy_name [ON CLUSTER cluster_name] ON [db.]table
    [AS {PERMISSIVE | RESTRICTIVE}]
    [FOR SELECT]
    [USING condition]
    [TO {role [,...] | ALL | ALL EXCEPT role [,...]}]
RQ.SRS-006.RBAC.RowPolicy.Alter

version: 1.0

ClickHouse SHALL support altering row policy using the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Effect

version: 1.0

ClickHouse SHALL use the updated row policy to control access to the specified table after the ALTER ROW POLICY statement is successfully executed for any new operations on the table performed by all the users and roles to which the row policy is assigned.

RQ.SRS-006.RBAC.RowPolicy.Alter.IfExists

version: 1.0

ClickHouse SHALL support the IF EXISTS clause in the ALTER ROW POLICY statement to skip raising an exception if a row policy does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if a row policy does not exist.

RQ.SRS-006.RBAC.RowPolicy.Alter.ForSelect

version: 1.0

ClickHouse SHALL support modifying rows on which to apply the row policy using the FOR SELECT clause in the ALTER ROW POLICY statement. REQUIRES FUNCTION CONFIRMATION.

RQ.SRS-006.RBAC.RowPolicy.Alter.OnCluster

version: 1.0

ClickHouse SHALL support specifying cluster on which to alter the row policy using the ON CLUSTER clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.On

version: 1.0

ClickHouse SHALL support specifying table on which to alter the row policy using the ON clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Rename

version: 1.0

ClickHouse SHALL support renaming the row policy using the RENAME clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Access

version: 1.0

ClickHouse SHALL support altering access to rows using the AS clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Access.Permissive

version: 1.0

ClickHouse SHALL support permitting access to rows using the AS PERMISSIVE clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Access.Restrictive

version: 1.0

ClickHouse SHALL support restricting access to rows using the AS RESTRICTIVE clause in the CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Condition

version: 1.0

ClickHouse SHALL support re-specifying the row policy condition using the USING clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Condition.Effect

version: 1.0

ClickHouse SHALL check the new condition specified for the row policy using the USING clause in the ALTER ROW POLICY statement. The users or roles to which the row policy is assigned SHALL only see data for which the new condition evaluates to the boolean value of true.

RQ.SRS-006.RBAC.RowPolicy.Alter.Condition.None

version: 1.0

ClickHouse SHALL support removing the row policy condition using the USING NONE clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Assignment

version: 1.0

ClickHouse SHALL support reassigning row policy to one or more users or roles using the TO clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Assignment.None

version: 1.0

ClickHouse SHALL support reassigning row policy to no users or roles using the TO NONE clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Assignment.All

version: 1.0

ClickHouse SHALL support reassigning row policy to all current users and roles using the TO ALL clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Assignment.AllExcept

version: 1.0

ClickHouse SHALL support excluding assignment of row policy to one or more users or roles using the ALL EXCEPT clause in the ALTER ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Alter.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the ALTER ROW POLICY statement

ALTER [ROW] POLICY [IF EXISTS] name [ON CLUSTER cluster_name] ON [database.]table
    [RENAME TO new_name]
    [AS {PERMISSIVE | RESTRICTIVE}]
    [FOR SELECT]
    [USING {condition | NONE}][,...]
    [TO {role [,...] | ALL | ALL EXCEPT role [,...]}]
RQ.SRS-006.RBAC.RowPolicy.Drop

version: 1.0

ClickHouse SHALL support removing one or more row policies using the DROP ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Drop.Effect

version: 1.0

ClickHouse SHALL remove checking the condition defined in the row policy in all the users and roles to which the row policy was assigned.

RQ.SRS-006.RBAC.RowPolicy.Drop.IfExists

version: 1.0

ClickHouse SHALL support using the IF EXISTS clause in the DROP ROW POLICY statement to skip raising an exception when the row policy does not exist. If the IF EXISTS clause is not specified then an exception SHALL be raised if the row policy does not exist.

RQ.SRS-006.RBAC.RowPolicy.Drop.On

version: 1.0

ClickHouse SHALL support removing row policy from one or more specified tables using the ON clause in the DROP ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Drop.OnCluster

version: 1.0

ClickHouse SHALL support removing row policy from specified cluster using the ON CLUSTER clause in the DROP ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.Drop.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for the DROP ROW POLICY statement.

DROP [ROW] POLICY [IF EXISTS] name [,...] ON [database.]table [,...] [ON CLUSTER cluster_name]
RQ.SRS-006.RBAC.RowPolicy.ShowCreateRowPolicy

version: 1.0

ClickHouse SHALL support showing the CREATE ROW POLICY statement used to create the row policy using the SHOW CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.ShowCreateRowPolicy.On

version: 1.0

ClickHouse SHALL support showing statement used to create row policy on specific table using the ON in the SHOW CREATE ROW POLICY statement.

RQ.SRS-006.RBAC.RowPolicy.ShowCreateRowPolicy.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for SHOW CREATE ROW POLICY.

SHOW CREATE [ROW] POLICY name ON [database.]table
RQ.SRS-006.RBAC.RowPolicy.ShowRowPolicies

version: 1.0

ClickHouse SHALL support showing row policies using the SHOW ROW POLICIES statement.

RQ.SRS-006.RBAC.RowPolicy.ShowRowPolicies.On

version: 1.0

ClickHouse SHALL support showing row policies on a specific table using the ON clause in the SHOW ROW POLICIES statement.

RQ.SRS-006.RBAC.RowPolicy.ShowRowPolicies.Syntax

version: 1.0

ClickHouse SHALL support the following syntax for SHOW ROW POLICIES.

SHOW [ROW] POLICIES [ON [database.]table]

Privileges

RQ.SRS-006.RBAC.Privileges.Usage

version: 1.0

ClickHouse SHALL support granting or revoking usage privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.Select

version: 1.0

ClickHouse SHALL support granting or revoking select privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.SelectColumns

version: 1.0

ClickHouse SHALL support granting or revoking select columns privilege for a specific table to one or more users or roles.

Insert
RQ.SRS-006.RBAC.Privileges.Insert

version: 1.0

ClickHouse SHALL support changing access to the insert privilege for a database or a specific table to one or more users or roles. Any INSERT INTO statements SHALL not to be executed, unless the user has the insert privilege for the destination table either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.Privileges.Insert.Grant

version: 1.0

ClickHouse SHALL support granting insert privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.Insert.Revoke

version: 1.0

ClickHouse SHALL support revoking insert privilege for a database or a specific table to one or more users or roles

RQ.SRS-006.RBAC.Privileges.Insert.Column

version: 1.0

ClickHouse SHALL support granting or revoking insert privilege for one or more specified columns in a table to one or more users or roles. Any INSERT INTO statements SHALL not to be executed, unless the user has the insert privilege for the destination column either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.Privileges.Insert.Cluster

version: 1.0

ClickHouse SHALL support granting or revoking insert privilege on a specified cluster to one or more users or roles. Any INSERT INTO statements SHALL succeed only on nodes where the table exists and privilege was granted.

RQ.SRS-006.RBAC.Privileges.Insert.GrantOption

version: 1.0

ClickHouse SHALL support granting insert privilege for a database or a specific table to one or more users or roles with a GRANT OPTION clause. User with grant option privilege SHALL be able to change access to the insert privilege by another user or role on the same or smaller scope that they have access to.

RQ.SRS-006.RBAC.Privileges.Insert.GrantOption.Grant

version: 1.0

ClickHouse SHALL support a user with grant option privilege granting insert privilege to other users or roles on the same or smaller scope that they have access to. Any INSERT INTO statements SHALL succeed when done by a user with privilege granted by a user with GRANT OPTION, either directly or through an assigned role.

RQ.SRS-006.RBAC.Privileges.Insert.GrantOption.Revoke

version: 1.0

ClickHouse SHALL support a user with grant option privilege revoking insert privilege from other users or roles on the same or smaller scope that they have access to. Any INSERT INTO statements SHALL fail when done by a user with privilege revoke by a user with GRANT OPTION, either directly or through an assigned role, unless they have access otherwise.

RQ.SRS-006.RBAC.Privileges.Delete

version: 1.0

ClickHouse SHALL support granting or revoking delete privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.Alter

version: 1.0

ClickHouse SHALL support granting or revoking alter privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.Create

version: 1.0

ClickHouse SHALL support granting or revoking create privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.Drop

version: 1.0

ClickHouse SHALL support granting or revoking drop privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.All

version: 1.0

ClickHouse SHALL include in the all privilege the same rights as provided by usage, select, select columns, insert, delete, alter, create, and drop privileges.

RQ.SRS-006.RBAC.Privileges.All.GrantRevoke

version: 1.0

ClickHouse SHALL support granting or revoking all privileges for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.GrantOption

version: 1.0

ClickHouse SHALL support granting or revoking grant option privilege for a database or a specific table to one or more users or roles.

RQ.SRS-006.RBAC.Privileges.AdminOption

version: 1.0

ClickHouse SHALL support granting or revoking admin option privilege to one or more users or roles.

Required Privileges

RQ.SRS-006.RBAC.RequiredPrivileges.Select

version: 1.0

ClickHouse SHALL not allow any SELECT statements to be executed unless the user has the select or select columns privilege for the destination table either because of the explicit grant or through one of the roles assigned to the user. If the the user only has the select columns privilege then only the specified columns SHALL be available for reading.

RQ.SRS-006.RBAC.RequiredPrivileges.Create

version: 1.0

ClickHouse SHALL not allow any CREATE statements to be executed unless the user has the create privilege for the destination database either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.Alter

version: 1.0

ClickHouse SHALL not allow any ALTER statements to be executed unless the user has the alter privilege for the destination table either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.Drop

version: 1.0

ClickHouse SHALL not allow any DROP statements to be executed unless the user has the drop privilege for the destination database either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.Drop.Table

version: 1.0

ClickHouse SHALL not allow any DROP TABLE statements to be executed unless the user has the drop privilege for the destination database or the table either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.GrantRevoke

version: 1.0

ClickHouse SHALL not allow any GRANT or REVOKE statements to be executed unless the user has the grant option privilege for the privilege of the destination table either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.Use

version: 1.0

ClickHouse SHALL not allow the USE statement to be executed unless the user has at least one of the privileges for the database or the table inside that database either because of the explicit grant or through one of the roles assigned to the user.

RQ.SRS-006.RBAC.RequiredPrivileges.Admin

version: 1.0

ClickHouse SHALL not allow any of the following statements

  • SYSTEM
  • SHOW
  • ATTACH
  • CHECK TABLE
  • DESCRIBE TABLE
  • DETACH
  • EXISTS
  • KILL QUERY
  • KILL MUTATION
  • OPTIMIZE
  • RENAME
  • TRUNCATE

to be executed unless the user has the admin option privilege through one of the roles with admin option privilege assigned to the user.

References