Granting Permissions to Roles in Cassandra

In this article, we are going to discuss how we can granting permission to roles in Cassandra. First, we will create a new role and show how it can access the database.

Creating a new role:
In this step, we are going to create a new role such that user_access is a new role and want to access the database. To create a new role using the following cqlsh query.

cassandra@cqlsh> create role user_access
   ... with password = 'user_access'
   ... and LOGIN = true;

Output:

Now, If we can see “user_access” role access by using the following cqlsh query.

cassandra@cqlsh> list all permissions of 'user_access';

 role | resource | permissions
------+----------+-------------

(0 rows)
cassandra@cqlsh>

Right now, it can’t access the Existing keyspace ‘University’. let’s have a look.

cassandra@cqlsh> login user_access
Password:user_access
user_access@cqlsh> 

Output:

To resolve this error “Unauthorized: Error from server: code=2100 [Unauthorized] message=”User user_access has no SELECT permission on

Consider if we want only access “student” table on university keyspace then we can use the following cqlsh query.

cassandra@cqlsh> 

grant all permissions on university.student to user_access;

Only we can grant permission to access “university.student” table.

Output:

Now, used the following cqlsh query if we want to give the grant access to all tables on a university keyspace.

cassandra@cqlsh>

grant all permissions on keyspace university to user_access;

We can see all the permissions by using “list all permissions”.

Output:

If we want to give the grant access to the full database then used the following cqlsh query.

cassandra@cqlsh>

grant all permissions on all keyspaces to user_access;

Output: