Provide access to database objects.
GRANT permission_name PERMISSION | GRANT ALL PERMISSIONS ON resource TO user
permission_name is one of these:
resource is one of these:
- ALL KEYSPACES
- KEYSPACE keyspace_name
- TABLE keyspace_name.table_name
- Uppercase means literal
- Lowercase means not literal
- Italics mean optional
- The pipe (|) symbol means OR or AND/OR
- Ellipsis (...) means repeatable
- « means a non-literal, open parenthesis used to indicate scope
- » means a non-literal, close parenthesis used to indicate scope
A semicolon that terminates CQL statements is not included in the synopsis.
Permissions to access all keyspaces, a named keyspace, or a table can be granted to a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.
CQL Permissions lists the permissions needed to use CQL statements:
|ALTER||ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX|
|CREATE||CREATE KEYSPACE, CREATE TABLE|
|DROP||DROP KEYSPACE, DROP TABLE|
|MODIFY||INSERT, DELETE, UPDATE, TRUNCATE|
To be able to perform SELECT queries on a table, you have to have SELECT permission on the table, on its parent keyspace, or on ALL KEYSPACES. To be able to CREATE TABLE you need CREATE permission on its parent keyspace or ALL KEYSPACES. You need to be a superuser or to have AUTHORIZE permission on a resource (or one of its parents in the hierarchy) plus the permission in question to be able to GRANT or REVOKE that permission to or from a user. GRANT, REVOKE and LIST permissions check for the existence of the table and keyspace before execution. GRANT and REVOKE check that the user exists.
Give spillman permission to perform SELECT queries on all tables in all keyspaces:
GRANT SELECT ON ALL KEYSPACES TO spillman;
Give akers permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the field keyspace.
GRANT MODIFY ON KEYSPACE field TO akers;
Give boone permission to perform ALTER KEYSPACE queries on the forty9ers keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in forty9ers keyspace:
GRANT ALTER ON KEYSPACE forty9ers TO boone;
Give boone permission to run all types of queries on ravens.plays table.
GRANT ALL PERMISSIONS ON ravens.plays TO boone;
To grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access, you use this statement.
GRANT ALL ON KEYSPACE keyspace_name TO user_name