DataStax Enterprise 3.0 Documentation

LIST PERMISSIONS

This documentation corresponds to an earlier product version. Make sure this document corresponds to your version.

Latest DSE documentation | Earlier DSE documentation

Lists permissions granted to a user.

Synopsis

LIST permission_name PERMISSION
| LIST ALL PERMISSIONS
    ON resource OF user_name
    NORECURSIVE

permission_name is one of these:

  • ALTER
  • AUTHORIZE
  • CREATE
  • DROP
  • MODIFY
  • SELECT

resource is one of these:

  • ALL KEYSPACES
  • KEYSPACE keyspace_name
  • TABLE keyspace_name.table_name

Synopsis legend

Description

Permissions checks are recursive. If you omit the NORECURSIVE specifier, permission on the requests resource and its parents in the hierarchy are shown.

  • Omitting the resource name (ALL KEYSPACES, keyspace, or table), lists permissions on all tables and all keyspaces.
  • Omitting the user name lists permissions of all users. You need to be a superuser to list permissions of all users. If you are not, you must add of <myusername>.
  • Omitting the NORECURSIVE specifier, lists permissions on the resource and its parent resources.
  • Enclose the user name in single quotation marks only if it contains non-alphanumeric characters.

After creating users in Creating internal user accounts and granting the permissions in the GRANT examples, you can list permissions that users have on resources and their parents.

Example

Assuming you completed the examples in Examples, list all permissions given to akers:

LIST ALL PERMISSIONS OF akers;

Output

 username | resource           | permission
----------+--------------------+------------
    akers | <keyspace field>   |     MODIFY

List permissions given to all the users:

LIST ALL PERMISSIONS;

Output

 username | resource             | permission
----------+----------------------+------------
    akers |     <keyspace field> |     MODIFY
    boone | <keyspace forty9ers> |      ALTER
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE
 spillman |      <all keyspaces> |     SELECT

List all permissions on the plays table:

LIST ALL PERMISSIONS ON ravens.plays;

 username | resource             | permission
----------+----------------------+------------
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE
 spillman |      <all keyspaces> |     SELECT

List all permissions on the ravens.plays table and its parents:

LIST ALL PERMISSIONS ON ravens.plays NORECURSIVE;

 username | resource             | permission
----------+----------------------+------------
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE