Apache Cassandra™ 2.0

Configuring internal authorization

CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one that stores permissions in the system_auth.permissions table to support all authorization-related CQL statements. Configuration consists mainly of changing the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.

Procedure

  1. In the cassandra.yaml, comment out the default AllowAllAuthorizer and add the CassandraAuthorizer.
    #authorizer: org.apache.cassandra.auth.AllowAllAuthorizer
    authorizer: org.apache.cassandra.auth.CassandraAuthorizer
    You can use any authenticator except AllowAll.
  2. Configure the replication factor for the system_auth keyspace.
  3. Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml.
    Alternatively, disable permission caching by setting this option to 0.

Results

CQL supports these authorization statements:
Show/hide