Governance
Metadata, access matrix, incidents, policies, and lineage
CH-UI Governance provides ClickHouse visibility similar to data governance platforms, but optimized for speed and operator workflows.
Modules
- Dashboard: inventory metrics and sync status
- Tables: metadata, comments, and notes
- Query Audit: query history and top query surfaces
- Lineage: edge and graph views
- Access: users, roles, access matrix, over-permissions
- Incidents: incident queue and comments
- Policies: policy definitions and violations
- Query Log: ClickHouse query log snapshot with filtering
- Alerts: SMTP/Resend/Brevo channels, rules, routing, and escalation
- Audit Log: privileged action audit trail with search and filtering
Sync Model
Governance sync workers cache ClickHouse metadata and access state in CH-UI SQLite.
Sync types:
metadataquery_logaccess
You can trigger full sync or single sync by type.
Access Operations
CH-UI can now manage ClickHouse users directly:
- Create user
- Delete user
- Change password
These operations exist in both Admin -> Users and governance access workflows.
Commenting And Notes
You can write:
- Table comments
- Column comments
- Table notes
- Column notes
This turns CH-UI into a light catalog for operational context.
Incident Flow
- Policy violation appears.
- Create incident from violation.
- Assign severity/status.
- Add threaded comments and resolve.
Query Log
The Query Log tab shows a snapshot from the ClickHouse system.query_log table. You can filter by:
- Time range
- Query type
- User
- Free-text search
Alerts
Governance includes alert channels and rules for governance events:
- Channels: SMTP, Resend, and Brevo providers
- Rules: event type, severity filter, cooldown, and max attempts
- Routing: multi-route with escalation and digest modes
- Events: delivery status feed
Audit Log
The Audit Log tracks privileged actions such as login, query execution, and configuration changes. Filters include:
- Time range
- Action type
- Username
- Free-text search