The Problem
ClickHouse is great for analytics, but managing it in a team environment comes with unique challenges. Teams need secure credential management, access control, and audit trails.
When you’re working with multiple ClickHouse servers across different environments, credentials need to be managed securely. Access control needs to be centralized and consistent. And you need visibility into who ran what query and when.
We built CHouse UI to address these team management needs.
What CHouse UI Does
CHouse UI is a web interface for ClickHouse that adds security and access control on top of the database. The key difference is that credentials never leave your server — they’re encrypted and stored server-side, and all connections go through a secure backend proxy.
This means you can give team members access to CHouse UI without exposing ClickHouse credentials. You can rotate credentials without updating everyone’s configuration. And you have a single place to manage who can access what.
Security and Access Control
Server-Side Credential Storage: All ClickHouse credentials are encrypted and stored in a separate RBAC database. The browser never sees them. This architecture lets you safely share access without credential leakage.
Role-Based Access Control
CHouse UI includes six role levels:
- Super Admin — Full system access
- Admin — User and connection management
- Developer — Write access (INSERT, UPDATE, DDL)
- Analyst — Read access with export
- Viewer — Read-only queries
- Guest — Limited read-only access
You can also set granular data access rules. Allow analysts to access analytics databases but deny system tables. Give specific users access to individual tables. Use regex patterns for complex scenarios.
Multi-Connection Support: Manage multiple ClickHouse servers from one interface. Switch between development, staging, production, and analytics clusters with a dropdown. Each connection maintains its own security context.
Audit Logging: For compliance and debugging, CHouse UI logs everything: every query, every login, every permission check, every configuration change. All with user context and timestamps. The logs are searchable, filterable, and exportable.
Developer Experience: Security shouldn’t come at the cost of usability. CHouse UI uses Monaco Editor for SQL editing, with syntax highlighting. The interface is modern, responsive, and fast.
Features include:
- Saved queries that persist across sessions
- Searchable query history
- Data export in CSV, JSON, and TSV formats
- Real-time metrics dashboard
- Database explorer with schema inspection
- Table management (create, alter, drop)
- File upload to tables
Real-World Use Cases
Multi-Environment Management: A data engineering team manages five ClickHouse clusters (dev, staging, prod, analytics, reporting) through one interface. RBAC ensures developers can’t accidentally modify production data.
Self-Service Analytics: Companies enable business analysts to query ClickHouse without direct database access. Analysts get a user-friendly interface with read-only permissions, and every action is logged.
Try It Out
CHouse UI is now publicly available and ready to use:
🌐 Website: https://chouse-ui.com
📦 GitHub: https://github.com/daun-gatal/chouse-ui
You can get started quickly with Docker, or set it up for production with PostgreSQL. The documentation includes setup guides and configuration options.
If you’re working with ClickHouse in a team environment and need better security and access control, give CHouse UI a try. We’d love to hear your feedback and see how you’re using it.
CHouse UI is open source and licensed under Apache License 2.0.
Top comments (0)