By default, each user can access all data in Cassandra. You'll have to configure a different authorizer in your cassandra.yaml to grant individual object permissions to your users.
# Grant all permissions to all users
# authorizer: AllowAllAuthorizer
# Use object permissions managed internally by Cassandra
authorizer: CassandraAuthorizer
Permissions for individual users will be stored in the internal system_auth keyspace. You should change its replication settings if you haven't already done so while enabling password-based authentication.
For SimpleStrategy (where N is the number of nodes in your cluster):
ALTER KEYSPACE system_auth WITH replication = {'class': 'SimpleStrategy', 'replication_factor': N};
For NetworkTopologyStrategy (where N is the number of nodes in the corresponding data center):
ALTER KEYSPACE system_auth WITH replication = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : N };
Restart each node after the changes described above. You'll now be able to set permissions using e.g. the following commands.
Grant all permissions on the specified keyspace to a role:
GRANT ALL ON KEYSPACE keyspace_name TO role_name;
Grant read permissions on all keyspaces:
GRANT SELECT ON ALL KEYSPACES TO role_name;
Allow execution of INSERT, UPDATE, DELETE and TRUNCATE statements on a certain keyspace:
GRANT MODIFY ON KEYSPACE keyspace_name TO role_name;
Allow changing keyspaces, tables and indices for a certain keyspace:
GRANT ALTER ON KEYSPACE keyspace_name TO role_name;
Please note that permissions will be cached for permissions_validity_in_ms (cassandra.yaml), so changes might not take effect instantly.
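
To check a node's configuration for the two settings discussed above (the authorizer and the permission cache lifetime), the following added example, which is not part of the original page or of Cassandra itself, audits the text of a cassandra.yaml. The sample files are constructed, the MAX_STALE_MS threshold is an assumption, and the default of 2000 ms is the value shipped in cassandra.yaml and should be confirmed for your version.

```python
import re

# Values Cassandra uses when a key is absent or commented out in cassandra.yaml.
DEFAULTS = {"authorizer": "AllowAllAuthorizer", "permissions_validity_in_ms": "2000"}
MAX_STALE_MS = 10_000  # assumed review threshold, not a Cassandra setting

# Constructed sample: the authorizer line is commented out, so the default applies.
SAMPLE_OPEN = """\
# Grant all permissions to all users
# authorizer: AllowAllAuthorizer
permissions_validity_in_ms: 60000
"""

# Constructed sample: object permissions enforced, short cache lifetime.
SAMPLE_HARDENED = """\
authorizer: CassandraAuthorizer   # object permissions managed by Cassandra
permissions_validity_in_ms: 2000
"""

KEY_RE = re.compile(r"^(authorizer|permissions_validity_in_ms)\s*:\s*(\S+)")

def effective_settings(yaml_text):
    """Return the effective values of both keys, ignoring comments."""
    settings = dict(DEFAULTS)
    for line in yaml_text.splitlines():
        match = KEY_RE.match(line.split("#", 1)[0])  # strip comments first
        if match:
            settings[match.group(1)] = match.group(2).strip("'\"")
    return settings

def audit(yaml_text):
    """Return a list of findings; empty means object permissions are enforced."""
    settings = effective_settings(yaml_text)
    findings = []
    # Accept fully qualified class names such as org.apache.cassandra.auth.X.
    if settings["authorizer"].rsplit(".", 1)[-1] == "AllowAllAuthorizer":
        findings.append("authorizer is AllowAllAuthorizer: every user can access all data")
    validity = settings["permissions_validity_in_ms"]
    if not validity.isdigit():
        findings.append(f"permissions_validity_in_ms is not a number: {validity!r}")
    elif int(validity) > MAX_STALE_MS:
        findings.append(f"GRANT/REVOKE may take up to {validity} ms to take effect")
    return findings

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "OK")
```

The first sample shows why a commented-out authorizer line matters: the node silently falls back to the allow-all default, and a long cache lifetime also delays revocations.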