Skip to main content
camelAI Legacy Product — This documentation covers camelAI’s embedded analytics offering, which is no longer being actively developed. We are migrating existing customers to the new camelAI platform. For the current product, visit camelAI.
ClickHouse supports native row policies that provide robust, secure row-level access control. Camel integrates with ClickHouse’s custom settings feature to enable dynamic, per-user data isolation.

How Camel Sets the UID

For every query executed through Camel, the system automatically sets a custom session setting:
This setting is available throughout the query execution and can be referenced in your row policies.

Setting Up RLS

Step 1: Create a Role with Custom Settings

First, create a role that allows the custom setting to be used:

Step 2: Grant Table Permissions

Grant the necessary permissions to the role:

Step 3: Create a Row Policy

Create a row policy that uses the custom setting to filter data:

Step 4: Create Users and Assign Roles

Complete Example: Multi-Tenant Data

Let’s implement RLS for a multi-tenant analytics platform where each tenant should only see their own data.

1. Create the Events Table

2. Set Up the Role and Permissions

3. Create the Row Policy

4. Create the User

Testing Your Policies

You can test your row policies using the ClickHouse client:

Troubleshooting

Common Issues and Solutions

Debugging Queries

Enable query logging to debug issues:

Learn More

For assistance with ClickHouse RLS implementation, contact support@camelai.com.