Technology | March 17, 2015

Role Based Access Control In Cassandra

Sam Tunnicliffe
-- Demo keyspace: SimpleStrategy with a replication factor of 1 keeps a single
-- copy of each row.
CREATE KEYSPACE warehouse
  WITH REPLICATION = {
    'class': 'SimpleStrategy',
    'replication_factor': 1
  };

-- Make warehouse the session's current keyspace so the unqualified table names
-- below are created inside it.
USE warehouse;

-- Customer addresses: customer_id is the partition key, address_id the
-- clustering column.
CREATE TABLE addresses (
  customer_id bigint,
  address_id  int,
  address     text,
  PRIMARY KEY ((customer_id), address_id)
);

-- Customer orders: customer_id is the partition key; order_id and product_id
-- are clustering columns.
CREATE TABLE orders (
  customer_id         bigint,
  order_id            timeuuid,
  product_id          uuid,
  product_description text,
  PRIMARY KEY ((customer_id), order_id, product_id)
);
-- NOTE(review): roles and grants are only enforced when the cluster is
-- configured with an authenticator and authorizer that check them; confirm
-- the settings in cassandra.yaml before relying on these statements.

-- supervisor is created without PASSWORD or LOGIN, so it is used here purely
-- as a bundle of permissions to hand to other roles.
CREATE ROLE supervisor;

-- Table-scoped grants: write access to orders, read-only access to addresses.
GRANT MODIFY ON TABLE warehouse.orders TO supervisor;
GRANT SELECT ON TABLE warehouse.addresses TO supervisor;

-- pam is a role that can log in. 'password' is a tutorial value: use a unique,
-- strong secret on a real cluster, and remember that the literal is stored
-- wherever the statement text is kept (scripts, shell history).
CREATE ROLE pam
  WITH PASSWORD = 'password'
  AND LOGIN = true;

-- pam is given no direct permissions here; its access comes from supervisor.
GRANT supervisor TO pam;

-- Show the permissions pam holds, including those reached through the role
-- it was just granted.
LIST ALL PERMISSIONS OF pam;
 role       | username   | resource                    | permission
------------+------------+-----------------------------+------------
 supervisor | supervisor | <table warehouse.addresses> |     SELECT
 supervisor | supervisor |    <table warehouse.orders> |     MODIFY
-- office_admin is another permission-only role (no PASSWORD, no LOGIN).
CREATE ROLE office_admin;

-- Keyspace-scoped grants apply to every table in the office keyspace, not to
-- a single table. When reviewing least privilege, check that read and write
-- access to the whole keyspace is really intended; otherwise grant per table.
GRANT SELECT
  ON KEYSPACE office
  TO office_admin;
GRANT MODIFY
  ON KEYSPACE office
  TO office_admin;

-- pam now holds two roles; its effective permissions are the union of both.
GRANT office_admin TO pam;

-- Re-check what pam can do after the second role grant.
LIST ALL PERMISSIONS OF pam;
 role         | username     | resource                    | permission
--------------+--------------+-----------------------------+------------
 office_admin | office_admin |           <keyspace office> |     SELECT
 office_admin | office_admin |           <keyspace office> |     MODIFY
   supervisor |   supervisor | <table warehouse.addresses> |     SELECT
   supervisor |   supervisor |    <table warehouse.orders> |     MODIFY
-- List pam together with the roles granted to it. The super and login columns
-- in the result are worth auditing: they show which of these roles can
-- authenticate and which carry superuser status.
LIST ROLES OF pam;
 role         | super | login | options
--------------+-------+-------+---------
 office_admin | False | False |        {}
          pam | False |  True |        {}
   supervisor | False | False |        {}
INFO  [OptionalTasks:1] CassandraRoleManager.java:410 - Converting legacy users
INFO  [OptionalTasks:1] CassandraRoleManager.java:420 - Completed conversion of legacy users
INFO  [OptionalTasks:1] CassandraRoleManager.java:425 - Migrating legacy credentials data to new system table
INFO  [OptionalTasks:1] CassandraRoleManager.java:438 - Completed conversion of legacy credentials
INFO  [OptionalTasks:1] CassandraAuthorizer.java:396 - Converting legacy permissions data
INFO  [OptionalTasks:1] CassandraAuthorizer.java:435 - Completed conversion of legacy permissions