Skip to content
Related Articles

Related Articles

Improve Article

Database Roles in CQL (Cassandra Query Language)

  • Last Updated : 17 May, 2021
Geek Week

In this article we will discuss Database Roles in Cassandra Query Language. It is very important to create different role for different type of users to provide access with a specific requirements. It is used to provide security for Database users or group of users. 

A Role name can be simply defined as following. 
 

 role_name ::=  identifier | string

 

  1. CREATE ROLE: 
    In CQL we can create role by using the CREATE command statement. CREATE command helps in creating role for users or group of users. 
    Syntax : 

     

create_role_statement ::=  CREATE ROLE [ IF NOT EXISTS ] role_name
                               [ WITH role_options ]
role_options          ::=  role_option ( AND role_option )*
role_option           ::=  PASSWORD '=' string
                          | LOGIN '=' boolean
                          | SUPERUSER '=' boolean
                          | OPTIONS '=' map_literal
                          | ACCESS TO DATACENTERS set_literal
                          | ACCESS TO ALL DATACENTERS 
  1. source 

     

syntax :
CREATE ROLE new_role_name; 
  1. For example: 
    To create simple user and super user Role then used the following CQL query. 



     

CREATE ROLE Ashish WITH PASSWORD = 'pass_a' 
                         AND LOGIN = true;
CREATE ROLE Rana WITH PASSWORD = 'pass_r' 
                  AND LOGIN = true 
                  AND SUPERUSER = true;
  1. To create Database Roles for user with more restrictions such that if a user only able to access specific datacenters then to create such type of Role used the following CQL query. 

     

CREATE ROLE user1 WITH OPTIONS = { 'option1' : 'option1_value', 
                                   'option2' : 98 };
CREATE ROLE Ashish WITH PASSWORD = 'pass_a' 
                    AND LOGIN = true 
                    AND ACCESS TO DATACENTERS {'DC1', 'DC4'};
CREATE ROLE Rana WITH PASSWORD = 'pass_r' 
                  AND LOGIN = true 
                  AND ACCESS TO ALL DATACENTERS;
  1. If we want to create Role conditionally then we can used the following CQL query. 

     

CREATE ROLE IF NOT EXISTS role_name; 
  1.  

  2. ALTER ROLE : 
    If we want to change the existing Role which already created after that we can modify Role with ALTER ROLE statement. 

     

Syntax : 
alter_role_statement ::=  ALTER ROLE role_name 
                          WITH role_options 
  1. For instance: 
    Before Alter Role 
     

CREATE ROLE Rana WITH PASSWORD = 'pass_r' 
                       AND LOGIN = true 
                       AND SUPERUSER = true;
  1. After Alter Role 
     
ALTER ROLE Rana WITH PASSWORD = 'pass_r' 
                      AND SUPERUSER = false;
  1.  
  2. DROP ROLE : 
    If a user want to Drop Existing Role then we can used the following CQL query to drop the Role. 
    syntax : 

     

drop_role_statement ::=  DROP ROLE [ IF EXISTS ] role_name
  1. For example: 
     

DROP ROLE Ashish;
  1.  
  2. GRANT ROLE : 
    It is used for granting the ROLE for other uses. 
    syntax: 
     
grant_role_statement ::=  GRANT role_name 
                                  TO role_name
  1. For example: 
     

GRANT user1 TO Ashish;
  1. This statement grants the user1 role to Ashish. Any permissions granted to user1 are also acquired by Ashish. 
     
  2. REVOKE ROLE : 
    If a user want to revoke database role then we can used REVOKE ROLE statement. 
    syntax: 
     
 revoke_role_statement ::=  REVOKE role_name 
                                 FROM role_name
  1. For instance: 
     
REVOKE user1 FROM Ashish;
  1. Above CQL query statement revokes the user1 role from Ashish. Any permissions that Ashish has acquired via the user1 role are also revoked. 
     

  2. LIST ROLE : 
    If a user want to list all the Roles then we can used the following CQL query to list all the Roles. 
    syntax : 
     
list_roles_statement ::=  LIST ROLES [ OF role_name ] 
                                          [ NORECURSIVE ]
  1. For instance: 
     
LIST ROLES;
  1. This CQL query statement returns all known roles in the system which requires DESCRIBE permission on the database roles resource. 
     

 

Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

 

My Personal Notes arrow_drop_up
Recommended Articles
Page :