All Products
Search
Document Center

ApsaraDB for ClickHouse:Grant permissions

Last Updated:Sep 06, 2024

A Resource Access Management (RAM) user must be granted the AliyunClickHouseFullAccess and AliyunHBaseFullAccess permissions before the RAM user follows instructions in the Quick Start tutorial to perform operations in the ApsaraDB for ClickHouse console, such as creating a cluster and creating an account. This topic describes how to use an Alibaba Cloud account to grant permissions to a RAM user. If you use an Alibaba Cloud account to log on to ApsaraDB for ClickHouse, skip this topic.

Prerequisites

Procedure

  1. Log on to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user, and click Add Permissions in the Actions column.

    image

    You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to the RAM users at a time.

  4. In the Add Permissions panel, grant the required permissions to the RAM user. The following table describes the parameters.

    Parameter

    Description

    Example

    Authorized Scope

    Alibaba Cloud Account: The permissions take effect on all resources of the current Alibaba Cloud account.

    Note

    ApsaraDB for ClickHouse does not support Specific Resource Group.

    Alibaba Cloud Account

    Principal

    The RAM user to which you want to grant permissions. The system automatically sets this parameter to the current RAM user. You can also specify a different RAM user.

    te**@cores.onaliyun.com

    Select Policy

    Policies are categorized into system policies and custom policies.

    • System Policy: Alibaba Cloud provides various default policies for different management purposes. ApsaraDB for ClickHouse uses the following system policies:

      • AliyunClickHouseFullAccess: the permission to manage ApsaraDB for ClickHouse. The account that is granted this permission can perform all operations on all resources in ApsaraDB for ClickHouse.

      • AliyunHBaseFullAccess: the permission to manage ApsaraDB for HBase. The account that is granted this permission can perform all operations on all resources in ApsaraDB for HBase.

      • AliyunClickHouseReadOnlyAccess: the read-only permission of ApsaraDB for ClickHouse resources. The account that is granted this permission can view a list of ApsaraDB for ClickHouse clusters and view database accounts.

    • Custom Policy: You can customize policies based on your business requirements. Custom policies are suitable for users who are familiar with the APIs of Alibaba Cloud services and require fine-grained control.

    Note

    You can attach up to five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

    • AliyunClickHouseFullAccess

    • AliyunHBaseFullAccess

  5. Click OK.

  6. Click Close.

What to do next

Create an ApsaraDB for ClickHouse cluster