Skip to main content
This guide is intended for users with the Admin role in ClickHouse Cloud. ClickHouse Cloud customers may select from pre-defined system roles or create custom roles to assign to users. For more information on system roles and their associated permissions, review Console roles and permissions. This guide provides details for managing custom roles.

Create custom roles

Custom roles can contain a combination of organization, service, and database permissions. Permissions may be applied to all or a subset of services and databases.
1

Access organization settings and select Users and roles

From the services page, select the name of your organization. Select the Users and roles menu item from the popup menu.
2

Select the Roles tab

Select the Roles tab from the top middle of the screen.
3

Select Create new role from the upper right

Select the Create new role button in the upper right of the screen.
4

Name the role

Enter a descriptive role name. This will be the name you will see when assigning roles to users and API keys.
5

Click Allow and select permission scope

Click the Allow button and select from Organization, Service, and/or Database permissions. For a description of all permissions, see Console roles and permissions.
Ensure users who will log into the console have a minimum of Organization > Access organization permissions.
Data Sources tab access: To access the Data Sources tab, the role currently requires the Manage and Delete Selected Services permission.
6

Review your new role

Review permissions assigned to your new role before finalizing. Click Create role when done.

Update custom roles

Custom roles may be updated after they’re created. Users will lose any permissions removed from the role and will gain any permissions added.
User permissions are additive. If a user has permission to perform an operation as part of multiple roles, they may not immediately lose access if permission is removed from only one role.
  1. Access organization settings and select Users and roles
  2. Select the Roles tab
  3. Select the three dots next to the role you would like to update
  4. Select Edit
  5. Modify the permissions
  6. Select Edit role

Delete custom roles

Custom roles may be deleted at any time.
You must have at least one user in the organization with administrative permissions. If deleting the role removes administrative permissions from the last user, you can’t delete it. To resolve this, assign at least one user the Admin system role before deleting the custom role.
  1. Access organization settings and select Users and roles
  2. Select the Roles tab
  3. Select the three dots next to the role you would like to delete
  4. Review the users and API keys that will lose access when the role is removed. Adjust assignments as needed.
  5. Select Delete role to complete the process