tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Data Warehouse
    Documentation
    Download PDF

    Account and Authorization

    Last updated: 2024-01-19 16:45:30
    Download PDF

      Overview

      CDW provides a visual UI for you to create RBAC accounts and configure their permissions, quotas, settings profiles, and row policies. This helps you control account permissions in a CDW cluster more easily and efficiently.

      Account

      CDW allows you to create and delete accounts and view and reset passwords.
      1. Log in to the CDW console, click a Cluster ID/Name in the cluster list to enter the cluster details page, and switch to Account Management.
      
      
      2. You can add and delete accounts and change their passwords.
      
      
      Note:
      Account name rule: It can contain 2–16 lowercase letters, digits, and underscores and must start with a letter and end with a letter or digit.
      Password rule: It must contain 8–30 (preferably more than 12) characters in at least three of the following types: lowercase letters, uppercase letters, digits, and symbols ()!@#$%^&*|?><, and cannot start with /.
      An XML account is a user defined in the user.xml configuration file, while an RBAC account is an account created on the Account Management page. The two types of accounts are separated. We recommend you not use duplicate account names; otherwise, account permissions may be inconsistent.
      XML accounts can be only queried but cannot be modified. You can only perform modifications in the user.xml configuration file.

      Authorization

      1. Log in to the CDW console, click the target ID/Name in the cluster list to enter the cluster details page, and switch to Account Management. Click Authorize Now to enter the Account Authorization tab and authorize the account (by selecting a V-cluster and granting permissions of databases and tables):
      
      
      Access Scope: You can grant the permissions of all or certain databases and tables.
      General Permissions:
      Query (enabled by default): SELECT, which is used to query databases, tables, and views.
      Configuration: ALTER, which is used to modify table structures.
      Insertion: INSERT, which is used to insert table data.
      High-Risk Permissions:
      Table permissions
      Table creation: CREATE TABLE, CREATE VIEW, and CREATE DICTIONARY, which are used to create tables, views, and dictionaries respectively.
      Clearing: TRUNCATE and OPTIMIZE, which are used to clear and merge the table data respectively.
      Table deletion: DROP TABLE, DROP VIEW, and DROP DICTIONARY, which are used to delete tables, views, and dictionaries respectively.
      Database permissions
      Database creation: CREATE DATABASE, which is used to create databases. This option takes effect globally. If it is selected, you can see all databases.
      Database deletion: DROP DATABASE, which takes effect only for specific databases.
      2. Authorize certain databases and tables.
      Note:
      Some databases and tables supports finer-granularity and more flexible database/table permission configuration; that is, you can configure different permissions for any databases/tables.
      Each permission configuration is an incremental operation. Compared with previous permissions, unchanged permissions are not deleted, only removed permissions are deleted, and new permissions are added. This avoids affecting business operations during the permission change.

      Configuration

      On ClickHouse 20.3 and later, items that previously can only be configured through XML such as row policy, settings profile, and quota can be created, modified, and deleted through SQL statements.
      1. Quota
      Note:
      A quota offers seven configuration items. You can hover over each of them to view the description.
      In the console, you can select multiple configuration items among the seven items as a combination.
      2. Settings profile Each settings profile contains a certain number of configuration items, and all 335 configuration items can be found in the settings table in the system database. In the console, you can select multiple configuration items as a combination and name them as a single settings profile, which can be applied to one or multiple RBAC accounts.
      3. Row policy A row policy is a filter defining the rows that can seen by users.
      Note:
      If multiple row policies are configured for a table in the cluster, users with no policies configured cannot query the data of the table.

      Notes

      1. Operations on the Account Management page involve only RBAC accounts, but not XML accounts.
      2. You can grant one account the permissions of multiple databases/tables in the V-cluster. Each operation generates an authorization record.
      3. After authorization, you need to modify the password of the default passwordless XML account to avoid potential security risks.
      4. After you configure an RBAC account on the Account Management page, you can run common ClickHouse commands on the CDW Studio platform in the CDW console.
      5. The new CDW Studio platform is available now, and XML users can log in to it to perform operations.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy