Database Reference
In-Depth Information
Figure 4-17
.
Permissions of a superuser on the privileges table
From this series of steps, we conclude:
•
A non-superuser can't manage, access, or view other users' permis-
sions.
•
Permissions can be given on the keyspace and the specific table/
column family.
•
A superuser can manage or access permissions of other users.
Accessing system_auth with AllowAllAuthorizer
By default, authentication is disabled in Cassandra and
AllowAllAuthenticator
is configured as the authenticator in
cassandra.yaml
configuration. In the previ-
ous section we explored various authorization techniques with
Pass-
wordAuthenticator
. In this section we will explore whether the managing user's
permission with
AllowAllAuthorizer
is permissible or not. This recipe will let
you understand what will not work with
AllowAllAuthorizer
. This is purely for
experimentation purposes.
As mentioned above, the
system_auth
keyspace contains user credentials and
permissions details. In this recipe, we will try accessing the
system_auth
keyspace
and managing user credentials without authentication.
1.
// describe keyspace.
describe keyspace system_auth;