HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mattaitken

no profile record

comments

mattaitken
·4 mesi fa·discuss
This is cool. I think for our use case this wouldn’t work. We’re dealing with billions of rows for some tenants.

We’re about to introduce alerts where users can write their own TRQL queries and then define alerts from them. Which requires evaluating them regularly so effectively the data needs to be continuously up to date.
mattaitken
·4 mesi fa·discuss
ClickHouse is a high performance OLAP database. It’s good for analytics and search.

We use it (I’m the author or the article) so users can search every run they do and graph all sorts of metrics.
mattaitken
·4 mesi fa·discuss
Yes it’s exactly this. There’s not a neat permission boundary when you have users, orgs, projects, environments. Let alone when you add RBAC too.
mattaitken
·4 mesi fa·discuss
You’re right RLS can go a long way here. With complex RBAC rules it can get tricky though.

The main advantages of a DSL are you can expose a nicer interface to users (table names, columns, virtual columns, automatic joins, query optimization).

We very intentionally kept the syntax as close to regular ClickHouse as possible but added some functions.
mattaitken
·4 mesi fa·discuss
In a system with organizations, projects and advanced user access permissions having separate databases doesn’t full solve the problem. You still need access control inside each tenanted database. It also makes cross-cutting queries impossible which means users can’t query across all their orgs for example.

The DSL approach has other advantages too: like rewriting queries to not expose underlying tables, doing automatic performance optimizations…
mattaitken
·4 mesi fa·discuss
Yes, you can actually do this already because we expose a REST API and TypeScript SDK functions to execute the queries.