You use familiar relational database GRANT/REVOKE paradigm to grant or revoke permissions to access Cassandra data. A superuser grants initial permissions, and subsequently a user may or may not be given the permission to grant/revoke permissions. Object permission management is independent of authentication (works with Kerberos or Cassandra).
Fetching permissions can be an expensive operation. If necessary, adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml. You can also disable permission caching by setting this option to 0.
CQL 3 supports the following authorization statements, which are described in the CQL alphabetical security command reference: