Altinity Access to ClickHouse

Controlling Altinity personnel’s access to data and cluster administration

Introduction

Altinity Access settings allow Altinity.Cloud users to limit the level of access Altinity personnel have to customer ClickHouse data or administrative operations. Altinity.Cloud provides two types of limits:

  • Data Access - Control the ability of Altinity personnel to view or change data in ClickHouse tables.
  • Management Access - Control ability to change cluster configuration or perform administrative actions.

If you restrict access to data or management functions you may choose to lift them from time to time to allow Altinity support to diagnose problems or perform operations on your behalf. You can apply the restrictions again afterward.

Viewing and Changing Altinity Access Settings

Access the Cluster Dashboard view of any cluster. The ALTINITY ACCESS button appears in the upper right-hand side of the dashboard view.

Altinity Access button
Figure 1 - The Altinity Access Button in Cluster Dashboard

Button Colors

The button color indicates Altinity personnel’s access level to your ClickHouse clusters and data.

No access

No Access - Altinity personnel cannot use the ACM Query Browser or Schema Browser. They cannot look at data or schema. This is shown in Figure 1 above.

No access

System Access - Altinity personnel can use the ACM Query browser to query system tables and look at table definitions in the Schema Browser, but they cannot look at data. This setting provides a good balance between protecting data and providing the access required for quick support from Altinity. This is the default value.

No access

Read-Only Access - In addition to the above, Altinity personnel can use the ACM Query Browser to run SELECT statements that read data from any table.

No access

Full Access - In addition to the above, Altinity personnel can use the ACM Query Browser to run SQL statements that alter data.

Modifying Altinity access settings

Press the ALTINITY ACCESS button, whatever color it may be, to manage access settings for Altinity personnel.

Data Access Level settings

The four data access levels are at the top of the panel:

Altinity Access settings
Figure 2 - Altinity Access Dialog

Select the new access level and press CONFIRM to save it. The CONFIRM button is disabled until you enter a reason for the change. Changing settings requires an account with EnvUser role or higher.

Management Access settings

You may similarly enable or disable management access using the check boxes in the middle of the panel.

Enable Cluster Configuration Management

Checking this box allows Altinity personnel to perform any of the following cluster configuration operations:

  • Changing cluster configuration settings
  • Changing users or profiles
  • Setting connection configuration
  • Altering backup settings
  • Setting uptime schedules
  • Setting alerts

The above actions can cause your server to restart, alter user passwords, or change the information that you receive from Altinity.Cloud about your clusters. If the box is unchecked, only you can make these changes.

Enable Cluster Actions

Checking this box allows Altinity staff to perform any of the following cluster administration operations:

  • Creating new clusters
  • Rescaling clusters
  • Upgrading clusters
  • Restarting clusters

The above actions may cause your server to restart, behave differently for applications, or affect operating costs. If the box is unchecked, only you can make these changes.