GRANT¶

Synopsis¶

GRANT permission_name PERMISSION
| GRANT ALL PERMISSIONS
    ON resource TO user

permission_name is one of these:

• ALTER
• AUTHORIZE
• CREATE
• DROP
• MODIFY
• SELECT

resource is one of these:

• ALL KEYSPACES
• KEYSPACE keyspace_name
• TABLE keyspace_name.table_name

Synopsis legend

Description¶

Permissions to access all keyspaces, a named keyspace, or a table can be granted to a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.

This table lists the permissions needed to use CQL statements:

To be able to perform SELECT queries on a table, you have to have SELECT permission on the table, on its parent keyspace, or on ALL KEYSPACES. To be able to CREATE TABLE you need CREATE permission on its parent keyspace or ALL KEYSPACES. You need to be a superuser or to have AUTHORIZE permission on a resource (or one of its parents in the hierarchy) plus the permission in question to be able to GRANT or REVOKE that permission to or from a user. GRANT, REVOKE and LIST permissions check for the existence of the table and keyspace before execution. GRANT and REVOKE check that the user exists.

Examples¶

Give 'spillman' permission to perform SELECT queries on all tables in all keyspaces:

GRANT SELECT ON ALL KEYSPACES TO spillman;

Give 'akers' permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the 'field' keyspace:

GRANT MODIFY ON KEYSPACE field TO akers;

Give 'boone' permission to perform ALTER KEYSPACE queries on the 'forty9ers' keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in 'forty9ers' keyspace:

GRANT ALTER ON KEYSPACE forty9ers TO boone;

Give 'boone' permission to run all types of queries on ravens.plays table:

GRANT ALL PERMISSIONS ON ravens.plays TO boone;

To grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access, you use this statement:

GRANT ALL ON KEYSPACE keyspace_name TO user_name