Product

AI Analyst Vibe Reporting Confidence & Citations AI Memory Connectors
Pricing Security Blog Docs

Compare — AI Analysts

vs Zenlytic vs Hex vs Kaelio

Compare — Traditional BI

vs ThoughtSpot vs Tableau vs Power BI vs Looker vs Looker Studio vs Metabase vs Mode

Solutions

Marketing Teams Sales Teams Finance Teams Product Teams Executives
Sign in
Navigation

Getting Started

Data Sources

Administration

Reference

ClickHouse Setup

Connect a ClickHouse cluster to Klairr.

Klairr connects to ClickHouse via the HTTP interface using a read-only user. Three layers of read-only enforcement run at the same time: the user’s GRANTed scope, the per-query readonly = 1 setting, and Klairr’s app-layer SQL guardrails.

Prerequisites

  • A reachable ClickHouse cluster (Cloud or self-hosted on a public endpoint)
  • An admin who can CREATE USER and GRANT SELECT

Step 1: Create a read-only user

CREATE USER klairr_reader IDENTIFIED WITH sha256_password BY '...'
  SETTINGS readonly = 1, max_execution_time = 30, max_result_rows = 100000;

GRANT SELECT ON analytics.* TO klairr_reader;
GRANT SELECT ON system.tables TO klairr_reader;
GRANT SELECT ON system.columns TO klairr_reader;

Klairr requires SELECT on the database and on system.tables / system.columns for schema introspection. We do not request INSERT, ALTER, CREATE, DROP, OPTIMIZE, TRUNCATE, or SYSTEM.

Step 2: Add the connector

FieldExample
Hostcluster.region.clickhouse.cloud
Port8443
Databaseanalytics
Usernameklairr_reader
Password
ProtocolHTTPS (recommended)

Notes

  • ClickHouse Cloud uses HTTPS on port 8443. Self-hosted defaults vary.
  • readonly=1 blocks ALTER, INSERT, and any write — Klairr forces it on every connection regardless of the user’s grants.
  • Nullable(...) types are detected automatically and surface as nullable columns in the schema.

Need help? Contact support · Start free