Help wanted!

The following content of this documentation page has been machine-translated. But unlike other websites, it is not done on the fly. This translated text lives on GitHub repository alongside main ClickHouse codebase and waits for fellow native speakers to make it more human-readable. You can also use the original English version as a reference.

Help ClickHouse documentation by editing this page

查询权限

ClickHouse中的查询可以分为几种类型:

  1. 读取数据查询: SELECT, SHOW, DESCRIBE, EXISTS.
  2. 写入数据查询: INSERT, OPTIMIZE.
  3. 更改设置查询: SET, USE.
  4. DDL 查询: CREATE, ALTER, RENAME, ATTACH, DETACH, DROP TRUNCATE.
  5. KILL QUERY.

以下设置按查询类型规范用户权限:

  • 只读 — Restricts permissions for all types of queries except DDL queries.
  • allow_ddl — Restricts permissions for DDL queries.

KILL QUERY 可以与任何设置进行。

只读

限制读取数据、写入数据和更改设置查询的权限。

查看查询如何划分为多种类型 以上.

可能的值:

  • 0 — All queries are allowed.
  • 1 — Only read data queries are allowed.
  • 2 — Read data and change settings queries are allowed.

设置后 readonly = 1,用户无法更改 readonlyallow_ddl 当前会话中的设置。

使用时 GET 方法中的 HTTP接口, readonly = 1 自动设置。 要修改数据,请使用 POST 方法。

设置 readonly = 1 禁止用户更改所有设置。 有一种方法可以禁止用户
从只更改特定设置,有关详细信息,请参阅 对设置的限制.

默认值:0

allow_ddl

允许或拒绝 DDL 查询。

查看查询如何划分为多种类型 以上.

可能的值:

  • 0 — DDL queries are not allowed.
  • 1 — DDL queries are allowed.

你不能执行 SET allow_ddl = 1 如果 allow_ddl = 0 对于当前会话。

默认值:1

原始文章