How to manage users and permissions

Permissions required to complete the steps below

To complete the steps described in this article, you need to be designated as an organization owner.

These instructions explain how to:

To perform all the actions in these instructions, open your project's Members page.

Revoke an invitation

  1. Under Pending invitations, find an invitation you want to revoke.

  2. On the right side of the line, click Revoke.

  3. Click Revoke to confirm.

Resend an invitation

  1. Under Pending invitations, find the invitation you want to resend.

  2. On the right side of the line, click Resend invitation.

Change permissions for an active member

  1. Under Active members, find the user you want to edit permissions for.


    You can't downgrade the user's organization-level permissions within the project.

  2. On the right side of the line, click Edit permissions.

  3. In the dialog window, use the dropdown lists to assign user permissions and click Submit:

    <-- screenshot here -->

You'll see the active roles in the user's Role column.

Create a ClickHouse® user with read-only permission

The read-only permission doesn't allow access to connection strings of your Managed ClickHouse® clusters. If you want to provide access to a cluster, create a standalone user with read-only permissions for each Managed ClickHouse® cluster on your project:

  1. Install the ClickHouse® client.

  2. Connect to your cluster with a connection string:

    1. Go to the Clusters page in the console.

    2. Under Connection strings, find the Native interface string and click Copy.

    3. Open your terminal and run a command to connect to your cluster:

      docker run --network host --rm -it clickhouse/<Native interface connection string>
      The complete Docker command structure
      docker run --network host --rm -it \ 
                  clickhouse/clickhouse-client \
                  --host <FQDN of your cluster> \
                  --secure \
                  --user <cluster user name> \
                  --password <cluster user password> \
                  --port 9440 
      <Native interface connection string>
  3. Create a user and its password:

    CREATE USER IF NOT EXISTS <user_name> ON CLUSTER <cluster ID> IDENTIFIED BY '<password>'
  4. Assign the read-only rights to the newly created user:

    GRANT SHOW TABLES, SELECT ON database.* TO <user_name>

    Now the user can see the tables and perform SELECT queries with all the databases on the cluster.

  5. For convenience, create a custom connection string for the new user:

    clickhouse-client --host <FQDN of the host> \
                      --secure \
                      --user <Cluster user name> \
                      --password <Cluster user password> \
                      --port 9440 

Delete an active member from the project

  1. Under Active members, select the user you want to delete from the project.

  2. On the right side of the line, click Delete.

  3. In the popup window, check the I want to revoke permissions to project box and click Delete.

See also