Apache Cassandra™ 2.0

Configuring internal authorization

CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one that stores permissions in the system_auth.permissions table to support all authorization-related CQL statements. Configuration consists mainly of changing the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.

Note: To configure authentication, see Configuring authentication.

Procedure

  1. In the cassandra.yaml file, comment out the default AllowAllAuthorizer and add the CassandraAuthorizer.
    authorizer: CassandraAuthorizer
    You can use any authenticator except AllowAll.
  2. Configure the replication factor for the system_auth keyspace to increase the replication factor to a number greater than 1.
  3. Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml file.
    Alternatively, disable permission caching by setting this option to 0.

Results

CQL supports these authorization statements:
Show/hide