Altinity Cloud Access Management
Organizations that want to enable administrative users in their Altinity.Cloud ClickHouse servers can do so by enabling
access_management manually. This allows for administrative users to be created on the specific ClickHouse Cluster.
WARNINGModifying the ClickHouse cluster settings manually can lead to the cluster not loading or other issues. Change settings only with full consultation with an Altinity.Cloud support team member, and be ready to remove settings if they cause any disruption of service.
To add the
access_management setting to an Altinity.Cloud ClickHouse Cluster:
Log into your Altinity.Cloud account.
For the cluster to modify, select Configure -> Settings.
From the Settings page, select +ADD SETTING.
Set the following options:
Setting Type: Select users.d file.
Contents: Enter the following to allow the
clickhouse_operatorthat controls the cluster through the
clickhouse-operatorthe ability to set administrative options:
<yandex> <users> <admin> <access_management>1</access_management> </admin> <clickhouse_operator> <access_management>1</access_management> </clickhouse_operator> </users> </yandex>
access_management=1 means that users
clickhouse_operatorare able to create users and grant them privileges using SQL.
Select OK. The cluster will restart, and users can now be created in the cluster that can be granted administrative access.
If you are running ClickHouse 21.9 and above you can enable storing access management in ZooKeeper. in this case it will be automatically propagated to the cluster. This requires yet another configuration file:
Setting Type: Select config.d file
<yandex> <user_directories replace="replace"> <users_xml> <path>/etc/clickhouse-server/users.xml</path> </users_xml> <replicated> <zookeeper_path>/clickhouse/access/</zookeeper_path> </replicated> </user_directories> </yandex>