mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-02 12:32:04 +00:00
06aa03f1a7
* Doc fixes: rm anchors <a> * Doc fixes: rm anchors <a> * Doc fixes: fix links * Doc fixes: fix the links
1.8 KiB
1.8 KiB
Permissions for queries
Queries in ClickHouse can be divided into several types:
- Read data queries:
SELECT
,SHOW
,DESCRIBE
,EXISTS
. - Write data queries:
INSERT
,OPTIMIZE
. - Change settings queries:
SET
,USE
. - DDL queries:
CREATE
,ALTER
,RENAME
,ATTACH
,DETACH
,DROP
TRUNCATE
. KILL QUERY
.
The following settings regulate user permissions by the type of query:
- readonly — Restricts permissions for all types of queries except DDL queries.
- allow_ddl — Restricts permissions for DDL queries.
KILL QUERY
can be performed with any settings.
readonly
Restricts permissions for read data, write data and change settings queries.
See how the queries are divided into types above.
Possible values
- 0 — All queries are allowed.
- 1 — Only read data queries are allowed.
- 2 — Read data and change settings queries are allowed.
After setting readonly = 1
, the user can't change readonly
and allow_ddl
settings in the current session.
When using the GET
method in the HTTP interface, readonly = 1
is set automatically. To modify data, use the POST
method.
Default value
0
allow_ddl
Allows/denies DDL queries.
See how the queries are divided into types above.
Possible values
- 0 — DDL queries are not allowed.
- 1 — DDL queries are allowed.
You cannot execute SET allow_ddl = 1
if allow_ddl = 0
for the current session.
Default value
1