Kubit

Go to the <a href="https://clickhouse.com/docs/en/integrations/sql-clients/sql-console" rel="nofollow noopener noreferrer" target="_blank">SQL Console</a>

<a href="https://clickhouse.com/docs/en/sql-reference/statements/create/user" rel="nofollow noopener noreferrer" target="_blank">Create a user</a> named <code>KUBIT</code>. The Kubit team will generate and share a strong password which you should use to create the user.

CREATE USER KUBIT IDENTIFIED WITH sha256_password BY '*****';

<a href="https://clickhouse.com/docs/en/sql-reference/statements/create/role" rel="nofollow noopener noreferrer" target="_blank">Create a role</a> named <code>KUBIT_R</code>

<a href="https://clickhouse.com/docs/en/sql-reference/statements/create/database" rel="nofollow noopener noreferrer" target="_blank">Create a database</a> named <code>KUBIT_DB</code>

<a href="https://clickhouse.com/docs/en/sql-reference/statements/grant" rel="nofollow noopener noreferrer" target="_blank">Grant</a> <code>KUBIT_W</code> the permissions to read and write from <code>KUBIT_DB</code> database. This will allow us to create any auxiliary tables or views there

GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,SHOW,CLUSTER ON KUBIT_DB.* TO KUBIT_W;

Add read-only (SELECT) permissions to the <code>KUBIT_R</code> role to the intended tables/views and <code>KUBIT_DB</code>

GRANT SELECT ON KUBIT_DB TO KUBIT_R; GRANT SELECT ON table/view TO KUBIT_R;

Setup <a href="https://clickhouse.com/docs/en/cloud/security/setting-ip-filters" rel="nofollow noopener noreferrer" target="_blank">IP whitelisting</a> , Kubit IPs are available <a href="https://help.kubit.ai/en/articles/9722729-ip-whitelisting">here</a>

1. Go to the <a href="https://clickhouse.com/docs/en/integrations/sql-clients/sql-console" rel="nofollow noopener noreferrer" target="_blank">SQL Console</a>
2. <a href="https://clickhouse.com/docs/en/sql-reference/statements/create/user" rel="nofollow noopener noreferrer" target="_blank">Create a user</a> named <code>KUBIT</code>. The Kubit team will generate and share a strong password which you should use to create the user.
   CREATE USER KUBIT IDENTIFIED WITH sha256_password BY '*****';
3. <a href="https://clickhouse.com/docs/en/sql-reference/statements/create/role" rel="nofollow noopener noreferrer" target="_blank">Create a role</a> named <code>KUBIT_R</code>
   CREATE ROLE OR REPLACE KUBIT_R;
4. Create a role named <code>KUBIT_W</code>
   CREATE ROLE OR REPLACE KUBIT_W;
5. <a href="https://clickhouse.com/docs/en/sql-reference/statements/create/database" rel="nofollow noopener noreferrer" target="_blank">Create a database</a> named <code>KUBIT_DB</code>
   CREATE DATABASE KUBIT_DB;
6. <a href="https://clickhouse.com/docs/en/sql-reference/statements/grant" rel="nofollow noopener noreferrer" target="_blank">Grant</a> <code>KUBIT_W</code> the permissions to read and write from <code>KUBIT_DB</code> database. This will allow us to create any auxiliary tables or views there
   GRANT SELECT,INSERT,ALTER,CREATE,DROP,TRUNCATE,SHOW,CLUSTER ON KUBIT_DB.* TO KUBIT_W;
7. Add read-only (SELECT) permissions to the <code>KUBIT_R</code> role to the intended tables/views and <code>KUBIT_DB</code>
   GRANT SELECT ON KUBIT_DB TO KUBIT_R; GRANT SELECT ON table/view TO KUBIT_R;
8. Setup <a href="https://clickhouse.com/docs/en/cloud/security/setting-ip-filters" rel="nofollow noopener noreferrer" target="_blank">IP whitelisting</a> , Kubit IPs are available <a href="https://help.kubit.ai/en/articles/9722729-ip-whitelisting">here</a>

Create one more user, roles and service for development purposes in order to isolate the impact on the production environment and avoid accidents.

Steps

👍 Best Practice