Skip to content

Commit

Permalink
Update permissions docs for Object Store ClickPipes (#2414)
Browse files Browse the repository at this point in the history
The main change is adding a note for `Full Access` being required for
Materialized Views.

While I was at it, I noticed a few small things that wanted to improve
along the way:
- More consistent capitalization
- Fix section headers for Authentication section on object stores
- Fix Permissions section styling, from codeblock to list
  • Loading branch information
kitop authored Jun 19, 2024
1 parent ff83b83 commit c7a64cc
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 7 deletions.
4 changes: 2 additions & 2 deletions docs/en/integrations/data-ingestion/clickpipes/kafka.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_label: ClickPipes For Kafka
sidebar_label: ClickPipes for Kafka
description: Seamlessly connect your Kafka data sources to ClickHouse Cloud.
slug: /en/integrations/clickpipes/kafka
---
Expand Down Expand Up @@ -61,7 +61,7 @@ will retrieve the latest version). A complete url using a schema subject would

9. Finally, you can configure permissions for the internal clickpipes user.

**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
- `Full access`: with the full access to the cluster. It might be useful if you use Materialized View or Dictionary with the destination table.
- `Only destination table`: with the `INSERT` permissions to the destination table only.

Expand Down
2 changes: 1 addition & 1 deletion docs/en/integrations/data-ingestion/clickpipes/kinesis.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ You have familiarized yourself with the [ClickPipes intro](./index.md) and setup

8. Finally, you can configure permissions for the internal clickpipes user.

**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
- `Full access`: with the full access to the cluster. It might be useful if you use Materialized View or Dictionary with the destination table.
- `Only destination table`: with the `INSERT` permissions to the destination table only.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ You have familiarized yourself with the [ClickPipes intro](./index.md).

8. Finally, you can configure permissions for the internal clickpipes user.

**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
- `Full access`: with the full access to the cluster. It might be useful if you use Materialized View or Dictionary with the destination table.
**Permissions:** ClickPipes will create a dedicated user for writing data into a destination table. You can select a role for this internal user using a custom role or one of the predefined role:
- `Full access`: with the full access to the cluster. Required if you use Materialized View or Dictionary with the destination table.
- `Only destination table`: with the `INSERT` permissions to the destination table only.

![permissions](./images/cp_step5.png)
Expand Down Expand Up @@ -106,7 +106,7 @@ https://datasets-documentation.s3.eu-west-3.amazonaws.com/http/{documents-01,doc

## Authentication

## S3
### S3
You can access public buckets with no configuration, and with protected buckets you can use [IAM credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) or an [IAM Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html). You can [refer to this guide](/docs/en/cloud/security/secure-s3) to understand the required permission for accessing your data.

### GCS
Expand All @@ -115,7 +115,7 @@ Like S3, you can access public buckets with no configuration, and with protected
Service Accounts for GCS aren't directly supported. HMAC (IAM) Credentials must be used when authenticating with non-public buckets.
The Service Account permissions attached to the HMAC credentials should be `storage.objects.list` and `storage.objects.get`.

## F.A.Q
## F.A.Q.
- **Does ClickPipes support GCS buckets prefixed with `gs://`?**

No. For interoprability reasons we ask you to replace your `gs://` bucket prefix with `https://storage.googleapis.com/`.
Expand Down

0 comments on commit c7a64cc

Please sign in to comment.