Technology•March 17, 2015
Role Based Access Control In Cassandra
-- Demo keyspace. SimpleStrategy with replication_factor 1 keeps a single copy
-- of every row, so this layout only suits a one-node test cluster.
CREATE KEYSPACE warehouse
    WITH REPLICATION = {
        'class': 'SimpleStrategy',
        'replication_factor': 1
    };

-- Make warehouse the session's default keyspace so that the unqualified
-- table names used afterwards resolve to warehouse.<table>.
USE warehouse;
-- Postal addresses per customer. customer_id is the partition key and
-- address_id the clustering column, so all addresses of one customer live in
-- the same partition. This is the table the supervisor role may only read.
CREATE TABLE addresses (
    customer_id bigint,
    address_id  int,
    address     text,
    PRIMARY KEY ((customer_id), address_id)
);
-- Order lines per customer. customer_id is the partition key; order_id and
-- product_id are clustering columns, so a row is one product within one order.
-- This is the table the supervisor role may modify.
CREATE TABLE orders (
    customer_id         bigint,
    order_id            timeuuid,
    product_id          uuid,
    product_description text,
    PRIMARY KEY ((customer_id), order_id, product_id)
);
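-- NOTE(review): these statements assume authentication and authorization are
-- enabled in cassandra.yaml (for example PasswordAuthenticator and
-- CassandraAuthorizer) -- confirm for the target cluster.

-- supervisor is a permission-only role: it is created without LOGIN, so it
-- cannot be used to authenticate and only carries grants.
CREATE ROLE supervisor;

-- Least privilege per table: MODIFY covers INSERT, UPDATE, DELETE and
-- TRUNCATE on orders, while addresses is read-only. Note that supervisor is
-- given no SELECT on orders, so it can write orders but not read them back.
GRANT MODIFY ON warehouse.orders TO supervisor;
GRANT SELECT ON warehouse.addresses TO supervisor;

-- pam is the login role. The password is a labelled placeholder: the literal
-- 'password' used in the original example is trivially guessable and must not
-- be copied into a real cluster. Set a strong, unique secret instead.
CREATE ROLE pam WITH PASSWORD = '<replace-with-a-strong-unique-password>' AND LOGIN = true;

-- pam has no direct grants; everything it may do is inherited from supervisor.
GRANT supervisor TO pam;

-- Audit step: list the effective permissions, including inherited ones.
LIST ALL PERMISSIONS OF pam;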
role | username | resource | permission
------------+------------+-----------------------------+------------
supervisor | supervisor | <table warehouse.addresses> | SELECT
supervisor | supervisor | <table warehouse.orders> | MODIFY
-- Second permission-only role (no LOGIN), scoped to the office keyspace.
-- NOTE(review): the office keyspace is not created in this listing;
-- presumably it already exists -- confirm before running.
CREATE ROLE office_admin;

-- Keyspace-level grants apply to every table in the keyspace, so they are
-- considerably broader than the per-table grants given to supervisor.
GRANT SELECT
    ON KEYSPACE office
    TO office_admin;
GRANT MODIFY
    ON KEYSPACE office
    TO office_admin;

-- pam now inherits from two roles; its effective permissions are their union.
GRANT office_admin
    TO pam;

-- Re-run the audit query to review what pam has accumulated.
LIST ALL PERMISSIONS OF pam;
role | username | resource | permission
--------------+--------------+-----------------------------+------------
office_admin | office_admin | <keyspace office> | SELECT
office_admin | office_admin | <keyspace office> | MODIFY
supervisor | supervisor | <table warehouse.addresses> | SELECT
supervisor | supervisor | <table warehouse.orders> | MODIFY
-- Show pam together with the roles granted to it. The login column of the
-- result tells which of these roles can be used to authenticate, and the
-- super column which of them are superusers.
LIST ROLES OF pam;
role | super | login | options
--------------+-------+-------+---------
office_admin | False | False | {}
pam | False | True | {}
supervisor | False | False | {}
INFO [OptionalTasks:1] CassandraRoleManager.java:410 - Converting legacy users
INFO [OptionalTasks:1] CassandraRoleManager.java:420 - Completed conversion of legacy users
INFO [OptionalTasks:1] CassandraRoleManager.java:425 - Migrating legacy credentials data to new system table
INFO [OptionalTasks:1] CassandraRoleManager.java:438 - Completed conversion of legacy credentials
INFO [OptionalTasks:1] CassandraAuthorizer.java:396 - Converting legacy permissions data
INFO [OptionalTasks:1] CassandraAuthorizer.java:435 - Completed conversion of legacy permissions