Updated on 2025-08-22 GMT+08:00

ClickHouse User Rights

ClickHouse user permission management enables unified management of users, roles, and permissions on each ClickHouse instance in the cluster. You can use the permission management module of the Manager UI to create users, create roles, and bind the ClickHouse access permissions. User permissions are controlled by binding roles to users.

After the permissions on a table are granted to a role, the granted table permissions are not removed when the table is deleted. After a table with the same name is created, the role inherits the original permissions on the table. When necessary, you can manually remove the table permissions that have been granted to the role.

For example, if you create table table_test and grant the read and write permissions on the table table_test to role ck_role, the ck_role role still has the read and write permissions on the table table_test after the table table_test is deleted and another table with the same name is created.

  • Resource management: Table 1 lists the resources supported by ClickHouse permission management.
  • Resource permissions: Table 2 lists the resource permissions supported by ClickHouse.
Table 1 Permission management objects supported by ClickHouse

Resource

Integration

Remarks

Database

Yes (level 1)

-

Table

Yes (level 2)

-

View

Yes (level 2)

Same as tables

Table 2 Resource permission list

Resource

Available Permission

Remarks

Database

CREATE

CREATE DATABASE/TABLE/VIEW/DICTIONARY

Table/View

SELECT/INSERT

-