DataStax Enterprise 3.0 Documentation

GRANT

This documentation corresponds to an earlier product version. Make sure this document corresponds to your version.

Latest DSE documentation | Earlier DSE documentation

Provides users access to database objects.

Synopsis

GRANT permission_name PERMISSION
| GRANT ALL PERMISSIONS
    ON resource TO user

permission_name is one of these:

  • ALTER
  • AUTHORIZE
  • CREATE
  • DROP
  • MODIFY
  • SELECT

resource is one of these:

  • ALL KEYSPACES
  • KEYSPACE keyspace_name
  • TABLE keyspace_name.table_name

Synopsis legend

Description

Permissions to access all keyspaces, a named keyspace, or a table can be granted to a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.

This table lists the permissions needed to use CQL statements:

Permission CQL Statements
ALTER ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE GRANT, REVOKE
CREATE CREATE KEYSPACE, CREATE TABLE
DROP DROP KEYSPACE, DROP TABLE
MODIFY INSERT, DELETE, UPDATE, TRUNCATE
SELECT SELECT

To be able to perform SELECT queries on a table, you have to have SELECT permission on the table, on its parent keyspace, or on ALL KEYSPACES. To be able to CREATE TABLE you need CREATE permission on its parent keyspace or ALL KEYSPACES. You need to be a superuser or to have AUTHORIZE permission on a resource (or one of its parents in the hierarchy) plus the permission in question to be able to GRANT or REVOKE that permission to or from a user. GRANT, REVOKE and LIST permissions check for the existence of the table and keyspace before execution. GRANT and REVOKE check that the user exists.

Examples

Give 'spillman' permission to perform SELECT queries on all tables in all keyspaces:

GRANT SELECT ON ALL KEYSPACES TO spillman;

Give 'akers' permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the 'field' keyspace:

GRANT MODIFY ON KEYSPACE field TO akers;

Give 'boone' permission to perform ALTER KEYSPACE queries on the 'forty9ers' keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in 'forty9ers' keyspace:

GRANT ALTER ON KEYSPACE forty9ers TO boone;

Give 'boone' permission to run all types of queries on ravens.plays table:

GRANT ALL PERMISSIONS ON ravens.plays TO boone;

To grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access, you use this statement:

GRANT ALL ON KEYSPACE keyspace_name TO user_name