ClickHouse Requirements#
System Requirements#
| Item | Minimum | Recommended |
|---|---|---|
| Version | 25.3 | 25.3 |
| Memory | 16GB | 32GB |
| CPU | 4vCPUs | 8vCPUs |
| Disk space | 1TB | 3TB |
Table: Minimum and recommended system requirements for ClickHouse
Mandatory ClickHouse Settings
-
Cloud Upgrades: When upgrading from MES versions earlier than 11.0.0 to 11.0.0 or later, and migrating from an in-stack ClickHouse deployment to an external ClickHouse Cloud setup, the
allow_materialized_view_with_bad_selectsetting must be configured before starting the upgrade. For more information, see ClickHouse Migration ⧉. -
Correct ODS Behavior: In ClickHouse, when the
do_not_merge_across_partitions_select_finalsetting is set to1, merging across partitions may cause data duplication when querying ODS state tables (for example,CoreDataModel_T_Material). ClickHouse 25.3 sets this value to0by default; however, some operators may have manually overridden it to1. To ensure correct behavior, this setting must always remain set to0. Starting from MES version 11.2.3, the system automatically enforces this configuration.
ACLs#
When creating an MES Customer Environment, ClickHouse users can be automatically provisioned with predefined roles and permissions.
Depending on how the environment is configured, the following options are available:
- If automatic provisioning is enabled, the system creates the required users with the necessary permissions.
- If automatic provisioning is disabled, the system assigns all required permissions to the default user.
- For advanced scenarios (for example, when following custom security or compliance policies), administrators may disable automatic provisioning and manually configure both user creation and permission assignments.
Info
Permissions in ClickHouse are assigned using the GRANT statement ⧉. All users should authenticate with strong credentials and be restricted to the relevant databases only.
Default User#
The default ClickHouse user is the account that must already exist in the customer ClickHouse installation. This user is either created manually by the customer or corresponds to the default user provided by their ClickHouse setup.
The Environment Manager uses this account to connect to ClickHouse during environment creation and configuration. Therefore, the default user must have all of the permissions listed in the table below.
This requirement exists because ClickHouse only allows users to grant permissions that they already possess. Without these privileges, the system will not be able to create or configure additional users correctly.
Other Users#
The table below summarizes the standard ClickHouse users created by MES, their database scope, and the permissions required for installation, upgrades, and daily operations.
| User Role | Primary Function | Databases | Permissions |
|---|---|---|---|
| Analytics (Read/Write) Admin | Administrative user with extended privileges for managing all analytics databases and deployments. | All required databases | CREATE DATABASE, DROP DATABASE, SHOW, SELECT, INSERT, ALTER, CREATE TABLE, CREATE VIEW, CREATE DICTIONARY, DROP TABLE, DROP VIEW, DROP DICTIONARY, UNDROP TABLE, TRUNCATE, OPTIMIZE, CREATE ROW POLICY, ALTER ROW POLICY, DROP ROW POLICY, SHOW ROW POLICIES, dictGet |
| MES (Read/Write) | Responsible for reading and writing core operational MES data. | MES | SELECT, INSERT, ALTER, CREATE TABLE, CREATE VIEW, CREATE DICTIONARY |
| Analytics (Read) | Provides read-only access for general reporting and data consumption across all Analytics databases. | ODS, CDM, DWH, system | SELECT (on analytics databases), SELECT(volume_name, policy_name) on system.storage_policies, SELECT(value, name) on system.build_options |
| Analytics (Read) / DWH (Read/Write) | Used for processes that populate the DWH, but only require read-only access to source databases (CDM). | CDM, DWH | - CDM: SELECT - DWH: SHOW, SELECT, INSERT, ALTER, CREATE TABLE, CREATE VIEW, CREATE DICTIONARY, DROP TABLE, DROP VIEW, DROP DICTIONARY, UNDROP TABLE, TRUNCATE, OPTIMIZE, CREATE ROW POLICY, ALTER ROW POLICY, DROP ROW POLICY, SHOW ROW POLICIES, dictGet |
| DWH (Read) | Provides read-only access exclusively to the Data Warehouse. | DWH | SELECT |
| DWH Playground (Read) | Provides read-only access to Cube Explorer users. | DWH | SELECT (with quotas: MAX execution_time = 900s, MAX result_rows = 1,000,000) |
Table: Standard ClickHouse user roles, associated databases, and required permissions for MES
Permission Descriptions#
- CREATE DATABASE / DROP DATABASE – Create or remove entire databases.
- SELECT – Read data from tables.
- INSERT – Write data into tables.
- ALTER – Modify table schema.
- CREATE TABLE / VIEW / DICTIONARY – Create new database objects.
- DROP / UNDROP – Remove or restore database objects.
- TRUNCATE / OPTIMIZE – Manage and maintain table data.
- SHOW – Display metadata or policies.
- dictGet – Access data from external dictionaries.
- ROW POLICY permissions – Manage row-level access control policies.