ClickHouse-004-sql命令创建用户以及授权

原创

运维之美 2021-06-26 23:26:24 博主文章分类：ClickHouse ©著作权

©著作权归作者所有：来自51CTO博客作者运维之美的原创作品，请联系作者获取转载授权，否则将追究法律责任

一、演示环境说明

ClickHouse服务版本是ClickHouse server version 20.8.3.18

二、具体创建用户和授权的sql指令

ClickHouse创建用户和授权的sql指令语法和MySQL基本相似，但是还是有点不同 下面直接贴出具体的授权命令方便工作中查看

CREATE USER dba_u HOST LIKE '172.16.0.197'  IDENTIFIED WITH sha256_password BY '123456';
或者
CREATE USER dba_u  IDENTIFIED WITH sha256_password BY '123456' HOST LIKE '172.16.0.197';
**授权指令:**
grant select,insert,update,delete on test008.* to dba_u WITH GRANT OPTION;

三、验证结果


[root@tidb05 ~]# mysql -uwujianwei -h 172.16.0.247 --password=j780UJy9D2tn --port=9004 -e "select * from system.users where name='dba_u';"
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------+--------------------------------------+-----------------+-----------------+-------------+---------+------------+-------------------+------------------+-------------------+--------------------+----------------------+
| name  | id                                   | storage         | auth_type       | auth_params | host_ip | host_names | host_names_regexp | host_names_like  | default_roles_all | default_roles_list | default_roles_except |
+-------+--------------------------------------+-----------------+-----------------+-------------+---------+------------+-------------------+------------------+-------------------+--------------------+----------------------+
| dba_u | b1490d93-b115-7a0f-646c-be3c6cbdc983 | local directory | sha256_password | {}          | []      | []         | []                | ['172.16.0.197'] |                 1 | []                 | []                   |
+-------+--------------------------------------+-----------------+-----------------+-------------+---------+------------+-------------------+------------------+-------------------+--------------------+----------------------+

[root@tidb05 ~]# clickhouse-client  -uwujianwei -h 172.16.0.247 --password=j780UJy9D2tn --port=9000 -q "select * from system.users where name='dba_u';"
dba_u	b1490d93-b115-7a0f-646c-be3c6cbdc983	local directory	sha256_password	{}	[]	[]	[]	['172.16.0.197']	1	[]	[]


tidb06 :) show grants for dba_u;

SHOW GRANTS FOR dba_u

┌─GRANTS FOR dba_u─────────────────────────────────────────────────────────────────────────┐
│ GRANT SELECT, INSERT, ALTER UPDATE, ALTER DELETE ON test008.* TO dba_u WITH GRANT OPTION │
└──────────────────────────────────────────────────────────────────────────────────────────┘

1 rows in set. Elapsed: 0.001 sec.

[root@tidb04 ~]# clickhouse-client --user=dba_u -h 172.16.0.247 --password=123456 --port=9000 -q "show databases;"
test008

四、创建一个用户可以增删改查

创建dba_a用户。权限是select,insert,update,delete

[root@tidb06 users.d]# clickhouse-client -udba -m --password=j780UJy9D2tn
ClickHouse client version 20.8.3.18.
Connecting to localhost:9000 as user dba.
Connected to ClickHouse server version 20.8.3 revision 54438.

tidb06 :) CREATE USER dba_a IDENTIFIED WITH sha256_password BY '123456' HOST LIKE '172.16.0.197';
tidb06 :) grant select,insert,update,delete on test008.* to dba_a;
tidb06 :) show grants for dba_a;

SHOW GRANTS FOR dba_a

┌─GRANTS FOR dba_a───────────────────────────────────────────────────────┐
│ GRANT SELECT, INSERT, ALTER UPDATE, ALTER DELETE ON test008.* TO dba_a │
└────────────────────────────────────────────────────────────────────────┘

tidb06 :) select * from system.users where name='dba_a';

SELECT *
FROM system.users
WHERE name = 'dba_a'

┌─name──┬───────────────────────────────────id─┬─storage─────────┬─auth_type───────┬─auth_params─┬─host_ip─┬─host_names─┬─host_names_regexp─┬─host_names_like──┬─default_roles_all─┬─default_roles_list─┬─default_roles_except─┐
│ dba_a │ f84220ed-456f-648c-18e2-8f30be82b4aa │ local directory │ sha256_password │ {}          │ []      │ []         │ []                │ ['172.16.0.197'] │                 1 │ []                 │ []                   │
└───────┴──────────────────────────────────────┴─────────────────┴─────────────────┴─────────────┴─────────┴────────────┴───────────────────┴──────────────────┴───────────────────┴────────────────────┴──────────────────────┘

在服务器上会生产sql文件：


[root@tidb06 access]# cat f84220ed-456f-648c-18e2-8f30be82b4aa.sql 
ATTACH USER dba_a IDENTIFIED WITH sha256_hash BY '8D969EEF6ECAD3C29A3A629280E686CF0C3F5D5A86AFF3CA12020C923ADC6C92' HOST LIKE '172.16.0.197';
ATTACH GRANT SELECT, INSERT, ALTER UPDATE, ALTER DELETE ON test008.* TO dba_a;
[root@tidb06 access]# pwd
/var/lib/clickhouse/access


[root@tidb04 ~]# clickhouse-client --user=dba_a -h 172.16.0.247 --password=123456 --port=9000 -m
ClickHouse client version 20.8.3.18.
Connecting to 172.16.0.247:9000 as user dba_a.
Connected to ClickHouse server version 20.8.3 revision 54438.

tidb06 :) show databases;

SHOW DATABASES

┌─name────┐
│ test008 │
└─────────┘

tidb06 :) show tables;

SHOW TABLES

┌─name───────┐
│ test_table │
└────────────┘

1 rows in set. Elapsed: 0.002 sec. 

tidb06 :) select * from test_table;

SELECT *
FROM test_table

Ok.

0 rows in set. Elapsed: 0.002 sec. 


tidb06 :) INSERT INTO test_table (province, province_name, create_date) VALUES ('山西','太原市','2021-01-25'),('山西','太原市','2021-02-25');

INSERT INTO test_table (province, province_name, create_date) VALUES

Ok.

2 rows in set. Elapsed: 0.003 sec. 

tidb06 :) select * from test_table;

SELECT *
FROM test_table

┌─province─┬─province_name─┬─create_date─┐
│ 山西     │ 太原市        │  2020-08-25 │
└──────────┴───────────────┴─────────────┘
┌─province─┬─province_name─┬─create_date─┐
│ 山西     │ 太原市        │  2021-02-25 │
└──────────┴───────────────┴─────────────┘
┌─province─┬─province_name─┬─create_date─┐
│ 山西     │ 太原市        │  2021-01-25 │
└──────────┴───────────────┴─────────────┘

五、ClickHouse服务默认安装目录下存放文件说明

/var/lib/clickhouse/metadata/ 存放的是线上所有库的建表sql /var/lib/clickhouse/preprocessed_configs/users.xml 所用的用户的文件都整合到这个文件中了。 /var/lib/clickhouse/access 存放的是线上所有用户的授权的sql

到此处简单介绍完成，后续会对这一块做进一步的深入测试