You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/en/cloud/security/common-access-management-queries.md
+8-8Lines changed: 8 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -46,8 +46,8 @@ Admin users are assigned the `sql_console_admin` role by default, so nothing cha
46
46
This access control functionality can also be configured manually for user-level granularity. Before assigning the new `sql_console_*` roles to users, SQL console user-specific database roles matching the namespace `sql-console-role:<email>` should be created. For example:
47
47
48
48
```sql
49
-
CREATE ROLE OR REPLACE sql_console_role_<email>;
50
-
GRANT<some grants> TO sql_console_role_<email>;
49
+
CREATE ROLE OR REPLACE sql-console-role:<email>;
50
+
GRANT<some grants> TO sql-console-role:<email>;
51
51
```
52
52
53
53
When a matching role is detected, it will be assigned to the user instead of the boilerplate roles. This introduces more complex access control configurations, such as creating roles like `sql_console_sa_role` and `sql_console_pm_role`, and granting them to specific users. For example:
@@ -57,12 +57,12 @@ CREATE ROLE OR REPLACE sql_console_sa_role;
57
57
GRANT<whatever level of access> TO sql_console_sa_role;
58
58
CREATE ROLE OR REPLACE sql_console_pm_role;
59
59
GRANT<whatever level of access> TO sql_console_pm_role;
60
-
CREATE ROLE OR REPLACE `sql_console_role_christoph@clickhouse.com`;
61
-
CREATE ROLE OR REPLACE `sql_console_role_jake@clickhouse.com`;
62
-
CREATE ROLE OR REPLACE `sql_console_role_zach@clickhouse.com`;
63
-
GRANT sql_console_sa_role to `sql_console_role_christoph@clickhouse.com`;
64
-
GRANT sql_console_sa_role to `sql_console_role_jake@clickhouse.com`;
65
-
GRANT sql_console_pm_role to `sql_console_role_zach@clickhouse.com`;
60
+
CREATE ROLE OR REPLACE `sql-console-role:christoph@clickhouse.com`;
61
+
CREATE ROLE OR REPLACE `sql-console-role:jake@clickhouse.com`;
62
+
CREATE ROLE OR REPLACE `sql-console-role:zach@clickhouse.com`;
63
+
GRANT sql_console_sa_role to `sql-console-role:christoph@clickhouse.com`;
64
+
GRANT sql_console_sa_role to `sql-console-role:jake@clickhouse.com`;
65
+
GRANT sql_console_pm_role to `sql-console-role:zach@clickhouse.com`;
0 commit comments