security-hardening

Installation
SKILL.md

Security Hardening

RBAC (Role-Based Access Control)

  • Create roles: CREATE ROLE analyst
  • Grant permissions: GRANT SELECT ON db.* TO analyst
  • Assign to users: GRANT analyst TO user1
  • Hierarchical: roles can inherit from other roles
  • Check grants: SHOW GRANTS FOR user1
  • Inspect user: SHOW CREATE USER username
  • Password rotation: ALTER USER username IDENTIFIED BY 'new_password'

Row Policies

  • Restrict row access per user: CREATE ROW POLICY p ON db.table FOR SELECT USING tenant_id = currentUser()
  • Policies are AND-ed together
  • Use for multi-tenant data isolation
  • Check policies: system.row_policies
Installs
3
GitHub Stars
241
First Seen
Apr 19, 2026
security-hardening — duyet/clickhouse-monitoring