Issue with multiple access statement #1615

Closed
ehsanafter opened this issue Jan 12, 2025 · 1 comment · Fixed by #1616

ehsanafter commented Jan 12, 2025

Hey guys, yesterday I had this ClickHouse user config section:

    users:
      admin/networks/ip:
        - 0.0.0.0/0

      # printf 'theSecurePassword' | sha256sum
      admin/password_sha256_hex: <redacted>
      admin/profile: default
      admin/quota: default

      notif_reporter/password_sha256_hex: <redacted>
      notif_reporter/grants/query:
        - "GRANT SELECT ON data_team.*"
      notif_reporter/allow_databases/database:
        - "data_team"
      notif_reporter/networks/ip:
        - 0.0.0.0/0
        - '::/0'

      notif_reporter/quota: default

The key part is these two:

      notif_reporter/grants/query:
        - "GRANT SELECT ON data_team.*"
      notif_reporter/allow_databases/database:
        - "data_team"

Seems like I can't use these two together, but the operator didn't tell me anything either, other than that IP is restricted while I gave access to all IPs for this user.
After restarting the pod manually, since the operator didn't restart, I found out my configuration is invalid, so I commented out this part:

      notif_reporter/allow_databases/database:
        - "data_team"

and used grants only and it went through.
Just wanted to let you know.
Thanks

Slach (Collaborator) commented Jan 13, 2025

Thanks for sharing your experience,
this is

when you combine allow_databases and GRANT ... ON db.*, it doesn't work on the ClickHouse side

Actually, your pod should have switched to CrashLoopBack in a modern clickhouse-server version, with an error in the logs something like "you can't add any other grants for database"

If you use *.* instead of db.*, then it should work

      notif_reporter/grants/query:
        - "GRANT SELECT ON *.*"
      notif_reporter/allow_databases/database:
        - "data_team"
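
A pre-deploy check for the combination discussed in this issue, as an added example that is not part of the thread or of the operator's code: it scans a `users` mapping (assumed to be already loaded from the manifest into a dict) and reports users that set `allow_databases` together with a grant scoped to a single database instead of `*.*`. The function names and the sample mapping are assumptions made for illustration.

```python
import re

# Captures the database part of a GRANT target: "... ON data_team.*" -> "data_team"
GRANT_DB = re.compile(r'\bON\s+([`"\w]+|\*)\s*\.', re.IGNORECASE)


def group_by_user(users):
    """Regroup flat 'user/setting/path' keys into {user: {setting_path: value}}."""
    grouped = {}
    for key, value in users.items():
        user, _, setting = key.partition("/")
        grouped.setdefault(user, {})[setting] = value
    return grouped


def find_conflicts(users):
    """Return (user, grant) pairs where allow_databases is set together with a
    GRANT scoped to one database rather than *.* (the combination this thread
    reports as not working on the ClickHouse side)."""
    conflicts = []
    for user, settings in sorted(group_by_user(users).items()):
        if not settings.get("allow_databases/database"):
            continue
        for grant in settings.get("grants/query") or []:
            match = GRANT_DB.search(grant)
            if match and match.group(1) != "*":
                conflicts.append((user, grant))
    return conflicts


# Constructed sample mirroring the settings posted in the issue; the hash
# values are placeholders, not real digests.
SAMPLE_USERS = {
    "admin/networks/ip": ["0.0.0.0/0"],
    "admin/password_sha256_hex": "<placeholder>",
    "admin/profile": "default",
    "admin/quota": "default",
    "notif_reporter/password_sha256_hex": "<placeholder>",
    "notif_reporter/grants/query": ["GRANT SELECT ON data_team.*"],
    "notif_reporter/allow_databases/database": ["data_team"],
    "notif_reporter/networks/ip": ["0.0.0.0/0", "::/0"],
    "notif_reporter/quota": "default",
}

if __name__ == "__main__":
    for user, grant in find_conflicts(SAMPLE_USERS):
        print(f"{user}: allow_databases combined with database-scoped grant: {grant}")
```

Running a check like this before applying the manifest surfaces the invalid access configuration up front, rather than after a manual pod restart.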
