Database Reference
In-Depth Information
Note that all passwords are stored in plaintext unless the
passwd.mode=MD5
is specified.
For example, say we want to control access to the VideoStore keyspace. Let's
give
allclerks
read-only access, give
randalgraves
full read-write access,
and give
dantehicks
read-only access to just the videos table. We need to first
create the entries in the password file (see
Listing 11.3
)
.
Listing 11.3
Example password.properties File
dantehicks=hereondayoff
randalgraves=videostoreclerk
allclerks=lazy
Once the password entries have been created, it's time to add the access control.
The file should look like
Listing 11.4
.
Listing 11.4
Example access.properties File
VideoStore.@ro:=allclerks
VideoStore.@rw:=randalgraves
VideoStore.videos.@ro:=dantehicks
Access control granularity works only down to the table level as of Cassandra
1.2 without custom access control. At a less granular level, you can give a user
(in this case, the user's name is admin) the ability to modify everything within a
keyspace by adding the line in
Listing 11.5
to the access.properties file.
Listing 11.5
Allow
videoadmin
User to Modify Anything within a Keyspace
# videoadmin can modify everything
<modify-keyspaces>=videoadmin