You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running SELECT * FROM queryMetrics as a restricted user (Clickhouse 20.4.2.9) that has a limited SELECT GRANT, you get the following error:
Code: 497. DB::Exception: Received from 127.0.0.1:9000. DB::Exception: dyn_testing: Not enough privileges. To execute this query it's necessary to have the grant SELECT(Timestamp, Remote, QType, QName, Buffer, Cached, Datacenter, Server, IsTcp, DomainName, RecordName, DomainID) ON default.queryMetrics.
I'm using the following GRANT statement:
GRANT SELECT(Cached, Timestamp, QType, QName, Datacenter, DomainName, RecordName, DomainID) ON default.queryMetrics ON CLUSTER metrics TO dyn_testing WITH GRANT OPTION;
What I would like to see, is that the wildcard doesn't return with an error, but selects everything the user has access to. The only time an error would occur is if the restricted user tries to query a column they don't have permissions for.
This way the user doesn't need to manually specify the fields, and the database doesn't leak the fact that the user is not seeing all the columns in the table.
The text was updated successfully, but these errors were encountered:
When running
SELECT * FROM queryMetrics
as a restricted user (Clickhouse 20.4.2.9) that has a limited SELECT GRANT, you get the following error:I'm using the following GRANT statement:
What I would like to see, is that the wildcard doesn't return with an error, but selects everything the user has access to. The only time an error would occur is if the restricted user tries to query a column they don't have permissions for.
This way the user doesn't need to manually specify the fields, and the database doesn't leak the fact that the user is not seeing all the columns in the table.
The text was updated successfully, but these errors were encountered: