1. Home
  2. Knowledge Base
  3. ClickHouse
  4. The significance of access management
  1. Home
  2. Knowledge Base
  3. ClickHouse DBA
  4. The significance of access management
  1. Home
  2. Knowledge Base
  3. ClickHouse Performance
  4. The significance of access management
  1. Home
  2. Knowledge Base
  3. ClickHouse Troubleshooting
  4. The significance of access management

The significance of access management

This article explains how to define SQL users and roles and then apply privileges and permissions to databases, tables, rows, and columns. CREATE, DROP, ALTER operations cannot be performed for the following objects, even if you are an admin user, without granting Access Management permission in ClickHouse, by default.

  • Users
  • Roles
  • Quotas
  • Profiles

When you try to do the following tasks without editing the access management parameter in users.xml, you will receive a ‘Not enough privileges.’ error.

CH01 :) CREATE USER test_user IDENTIFIED WITH sha256_password BY 'w@lcome1';

CREATE USER test_user IDENTIFIED WITH sha256_hash BY '87C9D692908B7A00197337CA5263D3DF244357BB19A9C9C0A2C0A09BB16CCDF4' SALT '2F89027275D386B57A1417AE47483F107BEBE52BA1B31890D953AB6626DCCEA6'

Query id: 23e37f61-5b3a-49c6-8883-cf7028d435d3

Received exception from server (version 22.9.3):
Code: 497. DB::Exception: Received from localhost:9000. DB::Exception: default: Not enough privileges. To execute this query it's necessary to have grant CREATE USER ON *.*. (ACCESS_DENIED)

To come through this situation, you need to modify /etc/clickhouse-server/users.xml

<access_management>1</access_management>

When the tails on the right and left are erased around the parameter, you will be able to do these tasks instantly. This parameter modification is a dynamic procedure, and the transactions became possible after the relevant modification was made.

CH01 :) CREATE USER test_user IDENTIFIED WITH sha256_password BY 'w@lcome1';

CREATE USER test_user IDENTIFIED WITH sha256_hash BY '980186342F9C55B842859A8FE0E499167F3A4A9E6CB727797A552669B7581B27' SALT '9AA744A42A593E03A0FD1BDAF16F3DEF9FA611414D080ACDDB171AEEADF8D92E'

Query id: 81acad6c-fc95-44da-bcd9-66adf63e337d

Ok.

 

Was this article helpful?

Related Articles

CHISTADATA IS COMMITTED TO OPEN SOURCE SOFTWARE AND BUILDING HIGH PERFORMANCE COLUMNSTORES

In the spirit of freedom, independence and innovation. ChistaDATA Corporation is not affiliated with ClickHouse Corporation 

Need Support?

Can't find the answer you're looking for?
Contact Support

ChistaDATA Inc. Knowledge base is licensed under the Apache License, Version 2.0 (the “License”)

Copyright 2022 ChistaDATA Inc

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.