// RBAC configuration, row policies, quotas, network security, audit logging, and access control best practices.
Exact column names for the system tables the agent queries most (processes, query_log, parts, merges, mutations, replicas, replication_queue, disks, settings, zookeeper, users/grants, metrics) plus rules for choosing dedicated tools over raw SQL. Load before hand-writing SQL against system tables.
Cluster management: distributed tables, ON CLUSTER DDL, node lifecycle, resharding, load balancing, and Keeper migration.
Schema migrations: ALTER patterns, engine changes, zero-downtime swaps, clickhouse-local offline migrations, and lightweight UPDATE/DELETE strategies.
ReplicatedMergeTree operations, failover procedures, lag diagnosis, quorum writes, and Keeper management.
Compression codecs, TTL policies, tiered storage, part management, and disk space optimization.
Production operational practices: insert batching, async writes, query cache, connection pooling, and recommended settings.
| name | security-hardening |
| description | RBAC configuration, row policies, quotas, network security, audit logging, and access control best practices. |
CREATE ROLE analystGRANT SELECT ON db.* TO analystGRANT analyst TO user1SHOW GRANTS FOR user1SHOW CREATE USER usernameALTER USER username IDENTIFIED BY 'new_password'CREATE ROW POLICY p ON db.table FOR SELECT USING tenant_id = currentUser()system.row_policiesCREATE QUOTA q FOR user1 ... LIMIT max_queries = 100system.quota_usageCREATE USER u HOST IP '10.0.0.0/8'system.session_log for login trackingsystem.query_log records all queries with user infosystem.text_log for server-level eventsreadonly = 1 setting for monitoring connections