Database Reference
In-Depth Information
Figure 4-17 . Permissions of a superuser on the privileges table
From this series of steps, we conclude:
A non-superuser can't manage, access, or view other users' permis-
sions.
Permissions can be given on the keyspace and the specific table/
column family.
A superuser can manage or access permissions of other users.
Accessing system_auth with AllowAllAuthorizer
By default, authentication is disabled in Cassandra and AllowAllAuthenticator
is configured as the authenticator in cassandra.yaml configuration. In the previ-
ous section we explored various authorization techniques with Pass-
wordAuthenticator . In this section we will explore whether the managing user's
permission with AllowAllAuthorizer is permissible or not. This recipe will let
you understand what will not work with AllowAllAuthorizer . This is purely for
experimentation purposes.
As mentioned above, the system_auth keyspace contains user credentials and
permissions details. In this recipe, we will try accessing the system_auth keyspace
and managing user credentials without authentication.
1.
First let's describe the system_auth keyspace (see Figure 4-18 ).
// describe keyspace.
describe keyspace system_auth;
 
 
Search WWH ::




Custom Search