ClickHouse · gingerwizard · Sep 17, 2025 · Sep 9, 2025 · Sep 16, 2025
@@ -9,10 +9,15 @@ import Image from '@theme/IdealImage';
 import user_grant_permissions_options from '@site/static/images/cloud/security/cloud-access-management/user_grant_permissions_options.png';
 
 # Access control in ClickHouse Cloud {#access-control-in-clickhouse-cloud}
-ClickHouse controls user access in two places, via the console and via the database. Console access is managed via the clickhouse.cloud user interface. Database access is managed via database user accounts and roles. Additionally, console users can be granted roles within the database that enable the console user to interact with the database via our SQL console.
+
+ClickHouse controls user access in two places, via the console and via the database.
+Console access is managed via the clickhouse.cloud user interface. Database access is managed via database user accounts and roles.
+Additionally, console users can be granted roles within the database that enable the console user to interact with the database via our SQL console.
 
 ## Console users and roles {#console-users-and-roles}
-Configure Organization and Service role assignments within the Console > Users and roles page. Configure SQL Console role assignments in the settings page for each service.
+
+[Configure Organization and Service role assignments](/cloud/guides/sql-console/configure-org-service-role-assignments) within the Console > Users and roles page.
+[Configure SQL Console role assignments](/cloud/guides/sql-console/config-sql-console-role-assignments) in the settings page for each service.
 
 Users must be assigned an organization level role and may optionally be assigned service roles for one or more services. Service roles may be optionally configured for users to access the SQL console in the service settings page.
 - Users assigned the Organization Admin role are granted Service Admin by default.

@@ -0,0 +1,5 @@
+{
+  "label": "SQL console",
+  "collapsible": true,
+  "collapsed": true,
+}
@@ -0,0 +1,80 @@
+---
+slug: /cloud/guides/sql-console/configure-org-service-role-assignments
+sidebar_label: 'Configuring organization and service role assignments'
+title: 'Configuring organization and service role assignments within the console'
+description: 'Guide showing how to configure org and service role assignments within the console'
+---
+
+import Image from '@theme/IdealImage';
+import step_1 from '@site/static/images/cloud/guides/sql_console/org_level_access/1_org_settings.png'
+import step_2 from '@site/static/images/cloud/guides/sql_console/org_level_access/2_org_settings.png'
+import step_3 from '@site/static/images/cloud/guides/sql_console/org_level_access/3_org_settings.png'
+import step_4 from '@site/static/images/cloud/guides/sql_console/org_level_access/4_org_settings.png'
+import step_5 from '@site/static/images/cloud/guides/sql_console/org_level_access/5_org_settings.png'
+import step_6 from '@site/static/images/cloud/guides/sql_console/org_level_access/6_org_settings.png'
+import step_7 from '@site/static/images/cloud/guides/sql_console/org_level_access/7_org_settings.png'
+
+<VerticalStepper>
+
+## Access organization settings {#access-service-settings}
+
+From the services page, select the name of your organization:
+
+<Image img={step_1} size="md"/>
+
+Select the `Users and roles` menu item from the popup menu.
+
+<Image img={step_2} size="md"/>
+
+## Adjust access per user {#access-per-user}
+
+Select the menu item at the end of the row for the user that you which to modify
+access for:
+
+<Image img={step_3} size="lg"/>
+
+Select `edit`:
+
+<Image img={step_4} size="lg"/>
+
+A tab will display on the right hand side of the page:
+
+<Image img={step_5} size="lg"/>
+
+Select the drop-down menu items to adjust the organization role of the selected user.
+This manages high-level access and administrative settings for an organization:
+
+| Role        | Description                                                                      |
+|-------------|----------------------------------------------------------------------------------|
+| `Admin`     | Perform all administrative activities for an organization, control all settings. |
+| `Developer` | View everything except Services, create API keys with equal or lower access.     |
+| `Member`    | Sign in only with ability to manage personal profile settings.                   |
+| `Billing`   | View usage and invoices, and manage payment methods                              |
+
+Select the drop-down menu items to adjust the access scope of the service role of the selected user.
+This defines security and operational settings for individual services:
+
+| Access scope        |
+|---------------------|
+| `All services`      |
+| `Specific services` |
+| `No services`       |
+
+When selecting `Specific services`, you can control the role of the user per
+service:
+
+<Image img={step_6} size="md"/>
+
+You can choose from the following roles:
+
+| Role        | Description                                                        |
+|-------------|--------------------------------------------------------------------|
+| `Admin`     | Full control over configuration and security. Can delete service.  |
+| `Read-only` | Can see service data and security settings. Can't modify anything. |
+| `No access` | Doesn't know the service exists.                                   |
+
+Save your changes with the `Save changes` button at the bottom of the tab:
+
+<Image img={step_7} size="md"/>
+
+</VerticalStepper>
@@ -0,0 +1,68 @@
+---
+slug: /cloud/guides/sql-console/config-sql-console-role-assignments
+sidebar_label: 'Configuring SQL console role assignments'
+title: 'Configuring SQL console role assignments'
+description: 'Guide showing how to configure SQL console role assignments'
+---
+
+import Image from '@theme/IdealImage';
+import step_1 from '@site/static/images/cloud/guides/sql_console/service_level_access/1_service_settings.png'
+import step_2 from '@site/static/images/cloud/guides/sql_console/service_level_access/2_service_settings.png'
+import step_3 from '@site/static/images/cloud/guides/sql_console/service_level_access/3_service_settings.png'
+import step_4 from '@site/static/images/cloud/guides/sql_console/service_level_access/4_service_settings.png'
+import step_5 from '@site/static/images/cloud/guides/sql_console/service_level_access/5_service_settings.png'
+import step_6 from '@site/static/images/cloud/guides/sql_console/service_level_access/6_service_settings.png'
+import step_7 from '@site/static/images/cloud/guides/sql_console/service_level_access/7_service_settings.png'
+
+<VerticalStepper>
+
+## Access service settings {#access-service-settings}
+
+From the services page, click the menu in the top right corner of the service
+for which you want to adjust SQL console access settings.
+
+<Image img={step_1} size="lg"/>
+
+Select `settings` from the popup menu.
+
+<Image img={step_2} size="lg"/>
+
+## Adjust SQL console access {#adjust-sql-console-access}
+
+Under the "Security" section, find the "SQL console access" area:
+
+<Image img={step_3} size="md"/>
+
+Select the drop-down menu for Service Admin to change the access control settings for Service Admin roles:
+
+<Image img={step_4} size="md"/>
+
+You can choose from the following roles:
+
+| Role          |
+|---------------|
+| `No access`   |
+| `Read only`   |
+| `Full access` |
+
+Select the drop-down menu for Service Read Only to change the access control settings for Service Read Only roles:
+
+<Image img={step_5} size="md"/>
+
+You can choose from the following roles:
+
+| Role          |
+|---------------|
+| `No access`   |
+| `Read only`   |
+| `Full access` |
+
+An overview of users for the service can be viewed by selecting the user count:
+
+<Image img={step_6} size="md"/>
+
+A tab will open to the right of the page showing the total number of users and their roles:
+
+<Image img={step_7} size="md"/>
+
+</VerticalStepper>