qmdt
commented
2 years ago Is there anyone who can explain this ? thanks
Open qmdt opened 3 years ago
qmdt
commented
2 years ago Is there anyone who can explain this ? thanks
Hi, When I try to figure out the drop privilege of clickhouse cluster ,I find that a user could not drop database with tables in it with "drop database" privilege,the server returns error said "DB::Exception: user1: Not enough privileges. To execute this query it's necessary to have grant DROP TABLE ON db1.testtb1". But when excute the drop database SQL with "on cluster", it did work, which means the tables in the database are dropped too. I think thats strange. my steps are below:
1.# create role create role1 on cluster default_cluster;
create user
create user1 on cluster default_cluster;
create database
create database db1 on cluster default_cluster;
create table
CREATE TABLE db1.testtb1 (
idString,priceFloat64,create_timeDateTime ) ENGINE = ReplicatedMergeTree('/clickhouse/db1/tables/{shard}/testtb1', '{replica}') PARTITION BY toYYYYMM(create_time) ORDER BY id SETTINGS index_granularity = 8192grant drop database privilege to role
grant drop database to role1 on cluster default_cluster;
grant role to user
grant role1 to user1 on cluster default_cluster;
and the results were : Received exception from server (version 21.3.4): Code: 497. DB::Exception: Received from xxxxx DB::Exception: user1: Not enough privileges. To execute this query it's necessary to have grant DROP TABLE ON db1.testtb1.
8.excute the command with "on cluster" : drop database db1 on cluster default_cluster;
it works,the database db1 and the table testtb1 are all dropped on any server of the cluster. I think this is strange, if it can‘t be excuted on one server ,how could it be excuted on cluster ? As I did in my steps, the "drop database" privilege should be the same on all server,I think step8 should have the same result as step7.
my clickhouse version is 21.3.4,I use the tcp interface,all default settings, THANKS FOR ANY HELP.