v.25.8New Feature

Add GRANT READ ON S3

Official CH changelog text
New syntax added GRANT READ ON S3('s3://foo/.*') TO user. #84503 (pufit).
Added support for granting READ access on specific S3 URI patterns using the new syntax GRANT READ ON S3('s3://foo/.*') TO user.

Why it matters

This feature enables fine-grained access control to external S3 data sources by allowing administrators to grant READ permissions on specific S3 path patterns. It enhances security and flexibility when managing user permissions for external storage.

How to use it

Use the SQL statement with the new syntax to grant read access to a user for S3 paths matching the specified pattern. For example:
GRANT READ ON S3('s3://foo/.*') TO user

Related resources

PreviousNext