Apache Cassandra 1.2 Documentation
REVOKE¶
Synopsis¶
REVOKE permission_name PERMISSION | REVOKE ALL PERMISSIONS ON resource FROM user_name
permission_name is one of these:
- ALTER
- AUTHORIZE
- CREATE
- DROP
- MODIFY
- SELECT
resource is one of these:
- ALL KEYSPACES
- KEYSPACE keyspace_name
- TABLE keyspace_name.table_name
Description¶
Permissions to access all keyspaces, a named keyspace, or a table can be revoked from a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.
This table lists the permissions needed to use CQL statements:
| Permission | CQL Statements |
|---|---|
| ALTER | ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX |
| AUTHORIZE | GRANT, REVOKE |
| CREATE | CREATE KEYSPACE, CREATE TABLE |
| DROP | DROP KEYSPACE, DROP TABLE |
| MODIFY | INSERT, DELETE, UPDATE, TRUNCATE |
| SELECT | SELECT |
Example¶
REVOKE SELECT ON ravens.plays FROM boone;
The user boone can no longer perform SELECT queries on the ravens.plays table. Exceptions: Because of inheritance, the user can perform SELECT queries on revens.plays if one of these conditions is met:
- The user is a superuser
- The user has SELECT on ALL KEYSPACES permissions
- The user has SELECT on the ravens keyspace