I'd like to enable SQL-driven Access Control and Account Management as mentioned in ClickHouse docs https://clickhouse.tech/docs/en/operations/access-rights/
However, it does not state whether sql-managed users are then replicated across cluster or have to be set per replica.
I would move to sql-driven access control only if it was true. Now I have to manage xml files per replica. I see no big advantage in moving to SQL if it's either not replicated.
SQL-managed users are NOT replicated.
I see no big advantage in moving to SQL if it's either not replicated.
SQL managed users allows you to GRANT SELECT by table.
Upd. Now users/grants/roles... can be synced (replicated) using zookeeper/keeper
<?xml version="1.0" ?>
<clickhouse>
<user_directories replace="replace">
<users_xml>
<path>/etc/clickhouse-server/users.xml</path>
</users_xml>
<replicated>
<zookeeper_path>/clickhouse/mycluster/access/</zookeeper_path>
</replicated>
</user_directories>
</clickhouse>
(needs to re-run all RBAC SQLs)