-
Notifications
You must be signed in to change notification settings - Fork 472
/
Copy path05-settings-08-grants.yaml
31 lines (31 loc) · 1.15 KB
/
05-settings-08-grants.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
apiVersion: clickhouse.altinity.com/v1
kind: ClickHouseInstallation
metadata:
name: grants-example
spec:
configuration:
users:
myuser/profile: readonly
myuser/grants/query:
# you can't combine `allow_databases` with `GRANT ... canarydb.*`
- "GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,OPTIMIZE,SHOW,dictGet,REMOTE ON *.*"
myuser/allow_databases/database:
- "canarydb"
myuser2/profile: default
myuser2/grants/query:
- "GRANT limited_role"
files:
users.d/limited_role.xml:
<clickhouse>
<roles>
<limited_role>
<grants>
<query>REVOKE ALL ON *.*</query>
<query>GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,OPTIMIZE,SHOW,dictGet ON db1.*</query>
<query>GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,OPTIMIZE,SHOW,dictGet ON db2.*</query>
<query>GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,OPTIMIZE,SHOW,dictGet ON db3.*</query>
<query>GRANT SELECT,SHOW,dictGet,REMOTE ON *.*</query>
</grants>
</limited_role>
</roles>
</clickhouse>