Grant Privileges

How to grant and revoke privilege in Cassandra

   GRANT priviledge
   ON resource_name
   TO role_name;

   
   REVOKE privilege 
   ON resource_name
   FROM role_name;

privilege

The full set of available privileges is:

• ALL PERMISSIONS
• ALTER
• AUTHORIZE
• CREATE
• DESCRIBE
• DROP
• EXECUTE
• MODIFY
• SELECT

resource_name

 

Cassandra database objects to which permissions are applied.

The full list of available objects is:

• ALL FUNCTIONS
• ALL FUNCTIONS IN KEYSPACE keyspace_name
• FUNCTION function_name
• ALL KEYSPACES
• KEYSPACE keyspace_name
• TABLE table_name
• ALL ROLES
• ROLE role_name

Example :-

Give the role coach permission to perform SELECT queries on all tables in all keyspaces:

GRANT SELECT ON ALL KEYSPACES TO coach;

Give the role manager permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the field keyspace.

GRANT MODIFY ON KEYSPACE field TO manager;

Give the role coach permission to perform ALTER KEYSPACE queries on the cycling keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in cycling keyspace:

GRANT ALTER ON KEYSPACE cycling TO coach;

Give the role coach permission to run all types of queries on cycling.name table.

GRANT ALL PERMISSIONS ON cycling.name TO coach;

Create an administrator role with full access to cycling.

GRANT ALL ON KEYSPACE cycling TO cycling_admin;

REVOKE SELECT ON cycling.name FROM manager;

The role manager can no longer perform SELECT queries on the cycling.name table. Exceptions: Because of inheritance, the user can perform SELECT queries on cycling.name if one of these conditions is met:

• The user is a superuser.
• The user has SELECT on ALL KEYSPACES permissions.
• The user has SELECT on the cycling keyspace.

REVOKE ALTER 
ON ALL ROLES 
FROM coach;

The role coach can no longer perform GRANT, ALTER or REVOKE commands on all roles.