Database Reference
In-Depth Information
Setting up a user
By default, Cassandra has one user account configured; its username is
cassandra
and it
is a superuser, meaning there are no restrictions on what it can do to the database. When
you connect as a superuser, it's essentially the same as if Cassandra did not have authoriza-
tion enabled at all.
In order to do something useful with our access restrictions, we'll want to set up another
user account that is not a superuser. Let's say one of the departments in the burgeoning
MyStatus corporation is a data analytics team. This team needs access to read data from our
Cassandra cluster, but has no need to add, change, or remove data. We'll set up a user ac-
count for this team that gives them only the access they need.
First, we'll use the
CREATE USER
command to add a user account for the analytics team:
CREATE USER 'data_analytics'
WITH PASSWORD 'strongpassword'
NOSUPERUSER;
Note, of course, that in a real deployment we would want to choose an actual strong pass-
word, for which the string
strongpassword
does not suffice.
The
NOSUPERUSER
option tells Cassandra that the new account is not a superuser, mean-
ing it can't do anything it hasn't explicitly been granted permission to do. This is the default
for new users, but we make it explicit here for clarity; replacing it with
SUPERUSER
would
make the new user a superuser.
Note
For more information on the
CREATE USER
command, see the DataStax CQL document-