Database Reference
In-Depth Information
The granting permission
On a shared database with multiple users, it is usually a good idea to limit the number of
users who can mutate objects, and have only a couple of users who can change permissions
and create users. This is the best practice in general, applicable to all databases. Cassandra
provides a SQL-like GRANT command that can be used to authorize users to perform
chosen tasks on chosen entities. But before you go ahead and start altering users' capabilit-
ies, you need to enable authorization in the cassandra.yaml file.
1. Edit $CASSANDRA_HOME/conf/cassandra.conf to change the author-
izer attribute to CassandraAuthorizer :
authorizer: CassandraAuthorizer
2. Make sure that system_auth keyspace has a replication factor of more than
1 to avoid failures in cases a node with authorization data goes down. (Obviously,
this does not hold true when you have a single node cluster or are just experiment-
ing on your local machine.)
3. Restart the Cassandra node for this to take effect.
The syntax to grant permission is as follows:
GRANT permission_type
ON
{ ALL KEYSPACES | KEYSPACE ks_name | TABLE
ks_name.table_name }
TO
user_name;
So basically, you can either specify a specific permission type or just provide all the per-
missions on an entity. An entity could be a keyspace, all keyspaces, or a table:
cqlsh> CREATE USER testuser WITH PASSWORD 'abc';
cqlsh> GRANT SELECT ON ALL KEYSPACES TO testuser;
cqlsh> exit
$CASSANDRA_HOME/bin/cqlsh -u testuser -p abc -k demo_cql -e
Search WWH ::




Custom Search