Granting Permissions to Roles in Cassandra

In this article, we are going to discuss how we can granting permission to roles in Cassandra. First, we will create a new role and show how it can access the database.

Creating a new role:
In this step, we are going to create a new role such that user_access is a new role and want to access the database. To create a new role using the following cqlsh query.

cassandra@cqlsh> create role user_access
   ... with password = 'user_access'
   ... and LOGIN = true;

Output:

Now, If we can see “user_access” role access by using the following cqlsh query.

cassandra@cqlsh> list all permissions of 'user_access';

 role | resource | permissions
------+----------+-------------

(0 rows)
cassandra@cqlsh>

Right now, it can’t access the Existing keyspace ‘University’. let’s have a look.

cassandra@cqlsh> login user_access
Password:user_access
user_access@cqlsh> 

Output:

To resolve this error “Unauthorized: Error from server: code=2100 [Unauthorized] message=”User user_access has no SELECT permission on

or any of its parents” we can give the grant permissions to access.

Consider if we want only access “student” table on university keyspace then we can use the following cqlsh query.

cassandra@cqlsh> 

grant all permissions on university.student to user_access;

Only we can grant permission to access “university.student” table.

Output:

Now, used the following cqlsh query if we want to give the grant access to all tables on a university keyspace.

cassandra@cqlsh>

grant all permissions on keyspace university to user_access;

We can see all the permissions by using “list all permissions”.

Output:

If we want to give the grant access to the full database then used the following cqlsh query.

cassandra@cqlsh>

grant all permissions on all keyspaces to user_access;

Output: