Database Reference
In-Depth Information
Appendix B. Authentication and
Authorization
In our interactions with Cassandra in this topic, we haven't concerned ourselves with au-
thentication or authorization; whenever we connect to our local Cassandra instance, we're
not required to provide any credentials, and there have been no restrictions on what kind of
operations we've been able to perform. This is the default configuration for a Cassandra
cluster and works well in many scenarios, in particular where network access to the ma-
chines running Cassandra is tightly controlled.
In some scenarios, however, it's useful to be able to control access to Cassandra at the data-
base level itself—for instance, when a cluster is shared between multiple tenants or where a
large organization needs to restrict access to sensitive data to certain departments or indi-
viduals.
For these scenarios, Cassandra does offer a full suite of authentication and authorization
functionality; accounts and permissions are configured using CQL. In order to enable au-
thentication and authorization in our development cluster, we will need to make a couple of
small changes to the cluster's configuration file, but we'll otherwise be operating in the fa-
miliar territory of cqlsh.
By the end of this appendix, you'll be familiar with:
• How to configure your cluster to restrict access to authorized users
• How to create a user
• How to change a user's password
• How to grant privileges to a user
• How to see the privileges granted to a user
• How to revoke privileges from a user
• Other steps you may want to take to secure your Cassandra cluster
