CQL for Cassandra 2.0

LIST PERMISSIONS

List permissions granted to a user.

Synopsis

LIST permission_name PERMISSION
| ( LIST ALL PERMISSIONS )
    ON resource OF user_name
    NORECURSIVE

permission_name is one of these:

  • ALTER
  • AUTHORIZE
  • CREATE
  • DROP
  • MODIFY
  • SELECT

resource is one of these:

  • ALL KEYSPACES
  • KEYSPACE keyspace_name
  • TABLE keyspace_name.table_name

Synopsis Legend

  • Uppercase means literal
  • Lowercase means not literal
  • Italics mean optional
  • The pipe (|) symbol means OR or AND/OR
  • Ellipsis (...) means repeatable
  • Orange ( and ) means not literal, indicates scope

A semicolon that terminates CQL statements is not included in the synopsis.

Description

Permissions checks are recursive. If you omit the NORECURSIVE specifier, permission on the requests resource and its parents in the hierarchy are shown.

  • Omitting the resource name (ALL KEYSPACES, keyspace, or table), lists permissions on all tables and all keyspaces.
  • Omitting the user name lists permissions of all users. You need to be a superuser to list permissions of all users. If you are not, you must add
     of <myusername>
  • Omitting the NORECURSIVE specifier, lists permissions on the resource and its parent resources.
  • Enclose the user name in single quotation marks only if it contains non-alphanumeric characters.

After creating users in and granting the permissions in the GRANT examples, you can list permissions that users have on resources and their parents.

Example

Assuming you completed the examples in Examples, list all permissions given to akers:

LIST ALL PERMISSIONS OF akers;

Output is:

 username | resource           | permission
----------+--------------------+------------
    akers | <keyspace field>   |     MODIFY

List permissions given to all the users:

LIST ALL PERMISSIONS;

Output is:

 username | resource             | permission
----------+----------------------+------------
    akers |     <keyspace field> |     MODIFY
    boone | <keyspace forty9ers> |      ALTER
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE
 spillman |      <all keyspaces> |     SELECT
      

List all permissions on the plays table:

LIST ALL PERMISSIONS ON ravens.plays;

Output is:

 username | resource             | permission
----------+----------------------+------------
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE
 spillman |      <all keyspaces> |     SELECT

List all permissions on the ravens.plays table and its parents:

Output is:

LIST ALL PERMISSIONS ON ravens.plays NORECURSIVE;
 username | resource             | permission
----------+----------------------+------------
    boone | <table ravens.plays> |     CREATE
    boone | <table ravens.plays> |      ALTER
    boone | <table ravens.plays> |       DROP
    boone | <table ravens.plays> |     SELECT
    boone | <table ravens.plays> |     MODIFY
    boone | <table ravens.plays> |  AUTHORIZE
    
Show/hide