User permission parameters for the ClickHouse service on an E-MapReduce (EMR) ClickHouse cluster are defined in two configuration files: server-users and server-metrika. These parameters control three areas: users, profiles, and quotas.
All parameters are available on the Configure tab of the ClickHouse service page.
Prerequisites
Before you begin, ensure that you have:
An EMR ClickHouse cluster. See Create a ClickHouse cluster.
User parameters
User parameters are on the server-users tab.
| Parameter | Description |
|---|---|
users.default.access_management | Whether to grant management permissions to the default user. Default: true. |
users.default.networks.ip | IP addresses from which the default user can connect. Default: ::/0 (all IP addresses). To specify multiple addresses, separate them with commas. |
users.default.profile | The profile assigned to the default user. Default: default. |
users.default.password | The plaintext password for the default user. Use users.default.password_sha256_hex or users.default.password_double_sha1_hex instead — see Password configuration. |
users.default.quota | The quota assigned to the default user. Default: default. |
Configure at least one of users.default.networks.ip, users.default.networks.host, or users.default.networks.host_regexp. Leaving all three unset may cause a network disconnection.
Password configuration
Avoid storing passwords in plaintext using users.default.password. Use a hashed password instead:
users.default.password_sha256_hex— A hexadecimal string generated with Secure Hash Algorithm 256 (SHA-256).users.default.password_double_sha1_hex— A hexadecimal string generated by applying Secure Hash Algorithm 1 (SHA-1) twice.
Profile parameters
Profile parameters are on the server-users tab.
| Parameter | Description |
|---|---|
profiles.default.max_memory_usage | Maximum memory for a single query in the default profile. Default: 0 (unlimited). Unit: bytes. |
profiles.default.use_uncompressed_cache | Whether to cache uncompressed data blocks in the default profile. 1 enables the cache; 0 disables it (default). |
profiles.default.load_balancing | Replica selection algorithm for distributed query processing in the default profile. Default: random. See load_balancing in the ClickHouse documentation for available algorithms. |
profiles.readonly.readonly | Whether to allow the readonly profile to perform read-only operations. 1 allows read-only operations (default); 0 does not allow read-only operations. |
Quota parameters
Quota parameters are on the server-metrika tab.
Quotas limit resource usage over a time period across a set of queries — as opposed to per-query limits, which are set in profile parameters like profiles.default.max_memory_usage.
quotas_default defines the default quota for users. The default user uses this quota by default, as specified by users.default.quota.
To configure additional quotas, click Add Configuration Item on the Configure tab. See Add configuration items.
What's next
For information about configuring the ClickHouse client, server, and extended parameters, see Configuration parameters.